Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Data Protection, Humans and Common Sense

497 views

Published on

Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Data Protection, Humans and Common Sense

  1. 1. It is about common sense not software ! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
  2. 2. Do you have important data on the computer ? • • • • • • Customer Information Technical Drawings / Source Code Financials / Employee Information Marketing / Contact Information Quotations / Agreements / Contracts Personal Information Data Protection … Keeping it simple.
  3. 3. What will happen if the data gets stolen ? • • • • • • Loss of Business Financial / Revenue Losses Productivity Losses Intellectual Property Losses Loss of Reputation Legal Liabilities Data Protection … Keeping it simple.
  4. 4. Cause of a Data Breach Root Cause of Data Breach 35% 36% Malicious or Criminal Attack System Glitch Human Factor 29% Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  5. 5. Higher Risk of insider Data Theft. • • • • • Sudden resignation of employee / partner Employees joining competitors Family relations in competing company Staff starting their own similar business Employees being layed off / fired Data Protection … Keeping it simple.
  6. 6. Some Possible Signs of Data Theft • • • • Request for purchase of USB Pen Drives Working when no one else is there Personal Devices being brought to office Your information appearing in the public domain • Identical Products and all your customers being contacted suddenly Data Protection … Keeping it simple.
  7. 7. Common Ways of Copying Data • • • • • Physical Theft Print Outs USB, CD/DVDs, Hard Disks Laptops / Tablets / Smart Phones / Mobiles Internet / Remote Access / Messengers Data Protection … Keeping it simple.
  8. 8. Industry Wise Data Theft 3% 1%1% 2% 2% Distribution 17% 3% 3% 8% 14% 9% 11% 14% 12% Financial Public Services Retail Services Consumer Industrial Technology Communications Hospitality Pharmaceuticals Transportation Energy Healthcare Media Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  9. 9. Costs of Data Breach • • • • Number of Records Breached : 26,586 Cost of Data Breach : Rs. 5.4 crores Average Notification Cost : Rs. 12 lacs Average Cost of Lost Business : Rs 1.5 crores Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  10. 10. Legal Liability Cost • IT Act. (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores. Data Protection … Keeping it simple.
  11. 11. Legal Liability Cost • IT Act. (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract. – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs. Data Protection … Keeping it simple.
  12. 12. So now what ? Do not think ‘software’ only ... Think first what happens to data in office. Data Protection … Keeping it simple.
  13. 13. Do you even know what data you have ? • • • • • Where is your data stored ? Which information is considered sensitive ? Who has access to it ? Do all PCs require all the data ? What about data on portable storage ? Data Protection … Keeping it simple.
  14. 14. Data Theft without software. (1) • Education of employees / contractors about IP / Company Data / Customer Data • Agreements and Understanding of Non Disclosure • Strict Action to non adherence of company policies Data Protection … Keeping it simple.
  15. 15. Data Theft without software. (2) • Secure Physical Devices / PCs / Laptops • Secure Offices Portable Storage Devices (USB , CD/DVDs) • Who can sit on which computer • Disallow Unauthorized Devices/PCs if possible. Data Protection … Keeping it simple.
  16. 16. You can not steal what is not there..!! • Archive / Backup Data not being used • Delete Data not being used Data Protection … Keeping it simple.
  17. 17. What about inventory ? • How many PCs / laptops ? • What is the h/w configuration of each PC ? • What is loaded on each PC - OS, software and data. ? • Inventory of removable / portable storage. • Inventory of portable modems. Data Protection … Keeping it simple.
  18. 18. What about the basic network ? • • • • • • Do you have a Server ? List of Machine Names / IP addresses Does everyone have user name / passwords Do you allow Remote Access ? Wifi / Wired ? Internet Connection Single Entry ?. Data Protection … Keeping it simple.
  19. 19. User Account Policies Dynamite against data theft. • • • • • • No empty / default passwords Passwords should expire Strong Passwords No Common Passwords. Privileges / Account Deletion Remote Access Data Protection … Keeping it simple.
  20. 20. Reckless Wireless Routers. • • • • • No SSID Broadcast No Wireless Configuration MacIDs User Name / Password Security Change Default Password Data Protection … Keeping it simple.
  21. 21. ‘MUST’ Software • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software • Regular Updates of AV / Operating Systems • Regular Patches of OS and Software • User Access / Privilege Management Data Protection … Keeping it simple.
  22. 22. But Anti Virus is NOT enough to stop employees stealing data ! Data Protection … Keeping it simple.
  23. 23. Stepping towards Basic DLP. • Internet Access Control – Websites, Protocols, Firewalls, Proxies • Device Control – USB , CD/DVDs, Modems , Blue tooth • Upload of Data – Browser Based Uploads • Encryption Data Protection … Keeping it simple.
  24. 24. Humans, Common Sense and Policies ! It will surely help – all the best ! Data Protection … Keeping it simple.

×