You should be thinking about protecting your company against the loss or theft of customer data and intellectual property. If your business has sensitive data lost or stolen, you could be subject to fines, lawsuits, and, maybe most importantly, a severely damaged reputation. To help prevent these dire situations from occurring, you need to create and implement a data loss prevention plan.
What Data Needs To Be Protected?
- Personally identifiable customer data (names, addresses, credit card and Social Security numbers, banking information, etc.).
- The intellectual property of your business (proprietary plans, software code, sales spreadsheets, etc.).
Where Does The Data Need To Be Protected?
- Data in motion (emails, FTP and web traffic - all data going into and out of your network and off-site computers).
- Data at rest (on your file servers, PCs, laptops, and PDAs, and in your SQL Server, Oracle, DB2, and MySQL databases).
- Data in use (being copied to CDs, DVDs, and memory sticks).
The Data Loss Prevention Plan
- Start by identifying the data at your business that needs to be protected.
- Determine where the data that needs to be protected is located. You should think about centralizing the location of sensitive data for ease of protection.
- Determine which employees need to have access to the protected data. Some employees may not need to have any access, some may need selective access, and others may need full access.
- Determine what regulatory requirements your business must meet with regard to sensitive data.
- Discuss the need to protect sensitive data with your employees. Explain to them the importance of keeping data protected. Train employees in how to keep data safe.
- Assign someone to be responsible for continuing to think about data loss prevention at your company.
Only after you have completed the above steps should you start to think about the specific technical systems that you will use to prevent data loss. There are many different kinds of systems available to prevent the loss of data in motion, data at rest, and data in use. Some systems can help to prevent all three types of data loss and others may be specialized in preventing only one of the three.
No single system can truly prevent all data loss. You will need to employ a combination of easy-to-use systems plus employee training to protect your business from data loss on an ongoing basis. The most important aspect of any data loss prevention plan is to keep the focus on the data that needs to be protected rather than on the systems that you use to do the protecting.