The term “data loss” conjures up visions of computer crashes, server meltdowns, files destroyed in a fire, and other “poof, they’re gone!” scenarios. A physical loss of the actual data, however, often happens through intentional or unintentional means, by people or processes, either within or outside of the organization.
Common unintentional causes of data loss include:
- Hardware malfunction
- Software corruption
- Human error
- Power outages
- Improper shutdowns
- Migration of data faux pas
- Natural disasters
Forward-thinking can head off these data loss opportunities with attention to:
- Proper hard drive maintenance
- Monitoring of a drive’s lifespan and preparations for the replacement
- Training to ensure against improper shutdowns
- Frequent backups
- Establishment of a data recovery plan
More unnerving are the intentional threats to your data:
- Malware in any of its various forms—computer viruses, worms, Trojan horses, ransomware, adware, spyware, a rootkit, and keyloggers
- Hackers bent on destroying or stealing data
The best defenses for these types of data loss are:
- Installation of an antivirus tool that detects and removes malware, such a Windows Defender (included with Windows 10 OS) or Malwarebytes
- Limiting access to sensitive data to necessary personnel only
How Important Is a Data Loss Prevention Plan?
Of the utmost importance, notes Eitan Katz. “Why? Because data is the new oil. Our information has value, and we need to collectively begin behaving as such.”
Jose Ferreira, Security Solutions Territory Manager for Sirius, agrees. “Today’s digital transformation—from mobile devices to embedded systems, hypervisors, social media applications, and the proliferation of connected devices—has created a “borderless” network perimeter with multiple attack vectors. To adjust to this technology revolution, organizations need to ensure their most sensitive data and assets are secured.”
Need we remind you of the security breaches that rocked 2017? The global outbreak of WannaCry and NotPetya ransomware, the attack on Equifax, events that forever changed the threat landscape. A horrific year, a “cyber-geddon,” according to the BBC.
In 2018, data-breach victims included T-Mobile, Quora, Google, and Orbitz, as well as Facebook, whose significant breaches and incidents impacted more than 100 million users.
And most recently, the Capital One fiasco where a software engineer hacked into a server and obtained the personal data of over 100 million people.
“The end goal of DLP is to protect confidential and sensitive data from unauthorized users who could mishandle or maliciously share it. Whether in response to insider threats or the need to conform to outside data protection regulations, having a data loss prevention plan is becoming an important part of a modern backup and data protection strategy,” suggests Margaret Rouse.
Veracode suggests this checklist as a guide to purchasing decisions when formulating your data loss protection plan.
- Develop specific data loss prevention strategies with detailed requirements before evaluating products.
- Understand the limitations of data leak prevention. As an example, data loss prevention is a data-centric control and does not have any understanding of SQL.
- Applications protect your data. Test the security quality of your applications. Use application security testing as a way of protecting data.
- Create data loss prevention policies and procedures for mobile devices as they interact with sensitive corporate data.
“When properly deployed, DLP provides visibility, granular control, and data protection coverage to protect against mistakes that lead to data loss, intentional misuse by insiders, and external attacks,” advises Ferreria. “Developing a comprehensive data loss prevention strategy shouldn’t be an afterthought; it can help your company protect its ‘crown jewels,’ maintain compliance with the evolving regulatory landscape, and avoid being the next data breach headline.”
You can trust RomAnalytics to find the best and brightest employees in the booming world of insights and analytics. Our candidates go through a rigorous process to meet the highest standards. We utilize in-depth interviews and, upon request, perform reference checks, background checks, drug testing, and skill testing. You can trust us to outperform generalized staffing and recruiting firms every time! Give us a call today.