PRINT
EMAIL
COMMENT
DEL.ICIO.US
DIGG
OUR PREMIUM CONTENT
The Kiplinger Agriculture Letter
The Kiplinger California Letter
Kiplinger's Biofuels Market Alert
Kiplinger's Retirement Report
SUBSCRIBER HELP
CURRENT LETTER
U.S. Agriculture
Feeding the Economy
PREVIOUS ISSUES
Dr. Lawrence A. Ponemon is chairman and founder of the Ponemon Institute, a Michigan-based research think tank dedicated to advancing privacy and data protection practices.Dr. Ponemon was CEO of a privacy and data security services firm and was global managing partner of PricewaterhouseCoopers (where he founded the firm's privacy practice). He has served as a consultant to federal and state task forces on privacy and data security laws.
In May of 2006, the Department of Veterans Affairs disclosed that a laptop computer stolen from an employee's home contained the personal information of over 26.5 million American veterans. The incident, the second-largest known data breach in U.S. history, brought to light security vulnerabilities that laptop computers and other mobile devices pose to sensitive information, causing many people to evaluate the safety of personal information.
Leaks of confidential customer information have become a pervasive problem. The Privacy Rights Clearing House reports that more than 93 million files containing personally identifiable information have been exposed since February 2005. For affected organizations, a customer data breach can cause significant damage to reputation, finances and business relationships, yet research shows that many organizations are not taking the steps necessary to protect customer information. In order to protect confidential data, companies must discover where the data is located, understand where data is going, and enforce security policies and procedures for the handling and storing of confidential information.
Find Your DataThe first step in any data protection strategy is discovering where sensitive information is stored. Without knowing where the data is, it is almost impossible to protect it. While most companies recognize the value of protecting confidential information, few have taken the steps necessary to find out where sensitive information is stored.
Vontu Inc., a leading developer of data loss prevention technology, and privacy and information management research group the Ponemon Institute conducted the first survey of businesses and how they handle confidential data to better understand the nature and extent of companies' controls over sensitive and confidential data. The survey revealed that two-thirds of businesses surveyed reported never having conducted an inventory of sensitive consumer information; 64 percent also reported never having inventoried employee data. Businesses that are unaware of the location of their data are at risk for theft by hackers, careless or malicious company insiders and identity thieves. What's more, these companies will have no idea when that information has been compromised or has gone missing.
There are a number of ways for businesses to determine where sensitive data is stored, however, the most efficient solutions come from companies in the emerging data loss prevention market. Vontu and other companies in the market can identify unsecured confidential data, including customer information, employee records and intellectual property, that is exposed on Web servers and individual desktops and laptops. Once a business has discovered the location of its data, it can move on to the next step in data protection: understanding where the data is going.
Control Your DataLaptops and other portable devices have enabled employees across the globe to work virtually whenever and wherever they choose. However, when one of these devices is lost or stolen, they often contain unprotected corporate information and customer data, forcing the company to publicly acknowledge the possibility of a data breach. The Confidential Data at Risk survey found that personal digital assistants (PDAs) and laptops ranked highest among storage devices posing the greatest risk for sensitive corporate data, followed by USB memory sticks, desktop systems and shared file servers. The survey also found that 81 percent of companies surveyed reported the loss of one or more laptop computers containing sensitive information.
The laptop theft at the Department of Veterans Affairs offers an example of the impact a missing laptop can have on an organization's finances and reputation. There are steps that businesses can take to minimize the risk to your organization in the event of a lost or stolen laptop. One solution is the monitoring capabilities of companies in the data loss prevention market that allow users to monitor what information is being stored on mobile devices such as memory sticks, laptops, zip drives and PDAs (such as Palm Pilots and BlackBerries). By understanding what information is being stored on portable devices, and who is storing it, companies can protect intellectual property and employee and customer information, as well as mitigate the risk of an incident like the one at the Department of Veterans Affairs.
Set PoliciesThe final step to protecting confidential company information is to automate the enforcement of established policies for the handling and storing of sensitive data. By establishing policies, companies are able to communicate their dedication to the protection of company data as well as set clear guidelines for employees to follow.
Policies are an excellent step toward data security, however, they must be enforced to dramatically reduce the risk of an embarrassing and costly loss of sensitive information.
Full survey available through Vontu's online resource center here.
E-Mail Article
Print Article
|
|
|
|
|
|
|
|
