Data Protection, Humans and Common Sense

Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.

Published in: Technology
  1. It is about common sense not software! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
  2. Do you have important data on the computer?
     • Customer Information
     • Technical Drawings / Source Code
     • Financials / Employee Information
     • Marketing / Contact Information
     • Quotations / Agreements / Contracts
     • Personal Information
  3. What will happen if the data gets stolen?
     • Loss of Business
     • Financial / Revenue Losses
     • Productivity Losses
     • Intellectual Property Losses
     • Loss of Reputation
     • Legal Liabilities
  4. Cause of a Data Breach
     [Pie chart: Root Cause of Data Breach. Segments: Malicious or Criminal Attack, System Glitch, Human Factor. Values shown: 35%, 36%, 29%.]
     Source: Data Breach Study 2013 – Ponemon Institute
  5. Higher Risk of Insider Data Theft.
     • Sudden resignation of employee / partner
     • Employees joining competitors
     • Family relations in competing company
     • Staff starting their own similar business
     • Employees being laid off / fired
  6. Some Possible Signs of Data Theft
     • Request for purchase of USB Pen Drives
     • Working when no one else is there
     • Personal Devices being brought to office
     • Your information appearing in the public domain
     • Identical Products and all your customers being contacted suddenly
  7. Common Ways of Copying Data
     • Physical Theft
     • Print Outs
     • USB, CD/DVDs, Hard Disks
     • Laptops / Tablets / Smart Phones / Mobiles
     • Internet / Remote Access / Messengers
  8. Industry Wise Data Theft
     [Pie chart: Distribution. Segments: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values shown: 3%, 1%, 1%, 2%, 2%, 17%, 3%, 3%, 8%, 14%, 9%, 11%, 14%, 12%.]
     Source: Data Breach Study 2013 – Ponemon Institute
  9. Costs of Data Breach
     • Number of Records Breached: 26,586
     • Cost of Data Breach: Rs. 5.4 crores
     • Average Notification Cost: Rs. 12 lacs
     • Average Cost of Lost Business: Rs 1.5 crores
     Source: Data Breach Study 2013 – Ponemon Institute
  10. Legal Liability Cost
     • IT Act. (2008) – 43A: Compensation for failure to protect client data can be up to 5 crores.
  11. Legal Liability Cost
     • IT Act. (2008) – 72A: Punishment for Disclosure of Information in Breach of Lawful Contract.
       – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
  12. So now what? Do not think ‘software’ only ... Think first what happens to data in office.
  13. Do you even know what data you have?
     • Where is your data stored?
     • Which information is considered sensitive?
     • Who has access to it?
     • Do all PCs require all the data?
     • What about data on portable storage?
  14. Data Theft without software. (1)
     • Education of employees / contractors about IP / Company Data / Customer Data
     • Agreements and Understanding of Non Disclosure
     • Strict action on non-adherence to company policies
  15. Data Theft without software. (2)
     • Secure Physical Devices / PCs / Laptops
     • Secure Offices Portable Storage Devices (USB, CD/DVDs)
     • Who can sit on which computer
     • Disallow Unauthorized Devices/PCs if possible.
  16. You cannot steal what is not there..!!
     • Archive / Backup Data not being used
     • Delete Data not being used
  17. What about inventory?
     • How many PCs / laptops?
     • What is the h/w configuration of each PC?
     • What is loaded on each PC - OS, software and data?
     • Inventory of removable / portable storage.
     • Inventory of portable modems.
  18. What about the basic network?
     • Do you have a Server?
     • List of Machine Names / IP addresses
     • Does everyone have user name / passwords
     • Do you allow Remote Access?
     • Wifi / Wired?
     • Internet Connection Single Entry?
  19. User Account Policies: Dynamite against data theft.
     • No empty / default passwords
     • Passwords should expire
     • Strong Passwords
     • No Common Passwords.
     • Privileges / Account Deletion
     • Remote Access
  20. Reckless Wireless Routers.
     • No SSID Broadcast
     • No Wireless Configuration
     • MacIDs
     • User Name / Password Security
     • Change Default Password
  21. ‘MUST’ Software
     • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
     • Regular Updates of AV / Operating Systems
     • Regular Patches of OS and Software
     • User Access / Privilege Management
  22. But Anti Virus is NOT enough to stop employees stealing data!
  23. Stepping towards Basic DLP.
     • Internet Access Control
       – Websites, Protocols, Firewalls, Proxies
     • Device Control
       – USB, CD/DVDs, Modems, Bluetooth
     • Upload of Data
       – Browser Based Uploads
     • Encryption
  24. Humans, Common Sense and Policies! It will surely help – all the best!
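
Added example, not part of the original slides: the account checklist on slide 19 (empty passwords, expiry, privileges, account deletion, remote access) turned into a small audit over an account list. The CSV columns, the sample rows, the 90-day window and the list of default account names are all assumptions made for the illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions, not a real tool's format.
SAMPLE = """user,has_password,password_changed,never_expires,is_admin,remote_access,status
asha,yes,2024-05-20,no,no,no,active
ravi,no,,no,no,no,active
admin,yes,2021-01-10,yes,yes,yes,active
meena,yes,2024-04-02,no,no,yes,resigned
vendor1,yes,2023-11-15,no,yes,no,active
"""

MAX_AGE_DAYS = 90  # assumed expiry window
DEFAULT_NAMES = {"admin", "administrator", "guest", "user", "test"}  # assumed list


def audit_accounts(csv_text, today, approved_admins=frozenset(), approved_remote=frozenset()):
    """Return {user: [findings]} for accounts that break the slide 19 checklist."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, issues = row["user"].strip(), []
        # Password hygiene: empty, never expiring, or simply too old.
        if row["has_password"] != "yes":
            issues.append("empty password")
        elif row["never_expires"] == "yes":
            issues.append("password never expires")
        elif (today - date.fromisoformat(row["password_changed"])).days > MAX_AGE_DAYS:
            issues.append("password older than %d days" % MAX_AGE_DAYS)
        # Well-known default account names are flagged for review.
        if user.lower() in DEFAULT_NAMES:
            issues.append("default account name")
        # Privileges and remote access must be on an explicit approval list.
        if row["is_admin"] == "yes" and user not in approved_admins:
            issues.append("unapproved admin privilege")
        if row["remote_access"] == "yes" and user not in approved_remote:
            issues.append("unapproved remote access")
        # Account deletion: people who left should not still have an account.
        if row["status"] != "active":
            issues.append("account of departed user still present")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE, date(2024, 6, 1), approved_admins={"admin"})
    for user, issues in report.items():
        print(f"{user}: {', '.join(issues)}")
```
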
