Category Archives: Insider Threat

7 Reasons Why Your Organization Will Need Data Loss Prevention in 2018

As we enter 2018, data loss prevention is becoming a necessary part of business planning, as there just don’t appear to be many industries immune to breaches. 2017 has seen a spate of data loss breaches from not just some of conventional industries such as healthcare, financial services and retail, but also others like automotive, hospitality and even the military, in some cases. Here are some reasons why your business really needs data loss prevention in 2018:

  1. The threat is not just external

There’s a difference between what you see reported in the news media and what is actually happening in the U.S. and around the globe. Statistically speaking, internal threats account for just over half of all data loss. That’s according to an Insider Threats Report from 2017. While it doesn’t pay to solely look at one piece of data, the trend of roughly half of all threats being internal has existed across multiple studies for a number of years.

  1. Financial ramifications can be huge

According to a poll of 1,000 business decision makers, the average cost believed to be incurred from a data breach was around $1 million. Clearly, this depends a great deal on what industry you are in, but it’s something to be mindful of, particularly if your data is sensitive and would be worth something to other people.

  1. Financial ramifications are just the start

Quantifying the consequences of an internal data breach is a difficult thing to do, largely because loss of reputation and trust. Even if your business can take the financial hit from fines and compensation, it also has to withstand what can be sometimes a substantial loss of business. This can be particularly harmful for small businesses who don’t quite have the buffer of the larger, often multinational counterparts.

  1. Big data is here to stay

Companies are now moving to a place where they exist on data, and the growth of the big data industry is proof of that. While sensitive data nowadays often consists of things such as financial details and social security numbers, companies will increasingly find in the future that the data they keep on customers is more sophisticated and personal – and therefore sometimes more valuable to an outsider, which can lead to an internal worker deliberately releasing it.

  1. Thoughts on the Cloud are in the cloud

Most of us are moving to cloud-based computing and SaaS applications as a cost-effective way of storing and using data without having to pay for large builds. However, this also means that a DLP plan needs to be in place to ensure that sensitive data that your company currently keeps in the cloud is encrypted and that its transmission to third parties is prevented.

  1. Intellectual property protection is important to your customers and your business

This can be one of the biggest long-term consequences of data loss. While a breach of personal information about customers can be wide scale in its negative effects, an intellectual property breach is narrow, but incredibly damaging. If your company holds trade secrets, plans etc, either for your business or your customer, it’s essential that these are protected appropriately with a DLP strategy.

  1. Endpoints are increasing

With remote work becoming more and more common, the number of endpoints that data is stored on is therefore also increasing. These can be within your business’ computer network but it can also be outside it, in public places or at home. In these cases, you need a technology monitor that is installed on all of these devices that prevents certain sensitive or confidential actions happening as part of your DLP strategy.

A data loss protection strategy doesn’t have to be an alarming addition to your company’s business plan. However, it is starting to become concerning how many businesses, big and small, are avoiding the need for one of these, given that amount of data we use is growing exponentially. Internal threats can be both malicious and totally by accident, so it’s important to protect your employees, your company and, of course, your customer from the ramifications of data breaches.

What You Did Not Do in 2017 to Prevent Data Loss

We all know data loss is an issue. We see stories in the news media of large airlines or financial services compromising large quantities of sensitive information, some of which could have been very preventable. However, it’s not just big businesses that are a target. Roughly half of all data loss happens internally, either by malicious intent, or inadvertently. This means that any employee in a business that holds information online and in computer systems could potentially lose your company’s data. We’ve outlined some of the key things you probably didn’t do in 2017 so you can get your company ready for 2018.

  1. Back it up

This doesn’t just mean occasionally getting out a hard drive to double save the important stuff. Every company should have a backup procedure for their files. Of course, it’s sensible to employ more security measures for more sensitive files, but a data loss protection plan will ensure that files are being regularly protected and can therefore be restored if a loss of data occurs.

  1. Multiple backup points

One backup point has been proven to be not enough for truly sensitive data. Apply the 3-2-1 rule as part of your data loss protection plan. Information that needs to be highly protected has 3 backups, general day-to-day information that has much less importance has 1, and give moderate level information 2 backup points. It also helps to have offsite backups as well. Particularly when there is an external breach, it can affect entire physical locations due to how malware operates in shutting providers down.

  1. Get your audit on

One of the easiest ways for data to slip through the cracks, either intentionally or by an employee’s mistake, is when systems aren’t up to date. You would be amazed how much of your software and hardware needs patches and upgrades. Auditing is the perfect end of year job to go into 2018 with a fresh start and an updated system. Often it doesn’t end up being super expensive – you’re probably already aware of the big-ticket items that need to be upgraded.

  1. Sort out a communication plan

You can’t single-handedly prevent data loss from your company, but you can empower your employees to take heed and ensure that the systems that you have in place are working correctly. Surveys and feedback loops are a great way of winning employee engagement. Ask them how they use the data – they are the ones who are handling it day-to-day after all. And as you iterate and improve data loss protection plans, ask them for feedback. You’re much more likely to get buy-in if they feel that the way they work is being taken into account.

A great number of instances where critical company information is lost is often very preventable. We say preventable because backups are a huge part of protecting your company from potential data breaches. Ensure that, if anything goes wrong, you’re still able to access the information from another endpoint.

Any good data loss protection strategy starts with a review of the status quo so do a full audit of the ‘goings-on’ of your data, software and hardware – and be critical about where there’s room for improvement. Next, get your employees onboard to ensure that any efforts are fully integrated within all areas of the company. A thorough and well-thought out data loss protection plan can save your company huge fines, loss of reputation and potential loss of business.

The Top Industry Targets for Data Breaches – Are You on the List?

It’s important to know what your data breach risk is. It’s something that affects every company worldwide that operates even part of its services online. However, some companies are more at risk than others, sometimes due to the sensitive nature of information about individuals possessed by these companies, but also how easy it is for the data to be lost in some way. This is generally when companies have an insufficient or incomplete data loss protection strategy that prevents against both internal and external threats. Here are some of the top industries that have data breaches:

  1. Healthcare
    Healthcare is a prime target because of the huge amount of sensitive information, from medical records to payment information, kept by healthcare organizations. Due to the sheer size and scale of many healthcare organizations, often upgrading software and protection systems becomes so big that it’s overlooked in favor of what feel like more immediate issues, such as staffing and equipment. Around 100 million health records were compromised in 2015 and similar figures stack up for 2016 also.
  1. Financial Services
    Frighteningly, almost half (49%) of global financial services organizations have experienced a data breach in the past, according to the 2017 Data Threat Report. IBM has found that one of the biggest vulnerabilities for financial services firms is actually human error. Insider involvement accounted for 58% of all breaches in 2016; of these, 53% acted inadvertently, while 5% acted with malicious intent. Unfortunately, many of these could have been avoided with an agile data protection plan that was well-communicated to all employees.
  1. Government
    Governments have always been classic targets for any kind of information breach, due to the sensitive nature of the data that they hold and the power that they wield. They’re also a huge employer. If you were to add up the various parts of the US government from military, to bureaucratic and civilian, you can get figures of close to 5 million individuals working for the US government and having access to its computer systems. With roughly half of data breaches occurring internally, that’s 5 million potential ways to lose confidential government information.
  1. Transport and Logistics
    This is also a huge industry and covers everything from giant airlines, to small owner-operated delivery services. The US Department of Transportation said, “the growing reliance on cyber-based control, navigation, tracking, positioning and communications systems, as well as the ease with which malicious actors can exploit cyber systems serving transportation.” Essentially, the transportation industry exists in a mobile world and mobile is one of the easiest end-points for data to be breached. It’s often not protected properly by companies, which can lead to employees easily losing information or being targeted by cyber-criminals.

Even if your company’s not on this list, it’s important for you to take steps to ensure that the data stays safe and secure. Data breaches have become so serious that companies can be liable for serious fines if it is deemed that their security was not up to scratch. If you’re a SME or SMB especially, they are the kind of fines that could put you out of business completely, or ruin your reputation. Look into a data loss protection strategy that works for the needs of your company and figure out ways to get your staff on-board to ensure that no data is lost from your organization.

How to Use DLP to Secure PHI & Better Comply with Healthcare Regulations

Advances in technology have caused vast improvements to patient care in the healthcare industry. While healthcare administration has become more efficient, healthcare providers are able to offer improved patient care by reading patient data from sophisticated equipment in real time and being able to get specialists in different locations to offer professional advice on a specific patient’s treatment.

With this, of course, comes the risks involved with electronic data. Many of the publicized concerns, in the media particularly, lie with external threats, but almost half of all data loss happens internally, because of accidental or intentional and malicious release of sensitive information.

In this article, we’ll talk about how to use data loss protection (DLP) to better secure protected health information (PHI) in line with industry regulations.

What does PHI cover?

The key information covered in PHI includes, but is not necessarily limited to information about:

  • Health status
  • Provision of health care
  • Payment for health care

There are specific indicators, such as, in terms of location details, anything more specific than an individual’s state is protected. These can be found, as well as a full breakdown of the law, here.

Using DLP strategy

DLP strategy is much more than just rolling out expensive software for employees to use and ensure you’re covered. In fact, lawmakers will look at much more than just the technology employed if you are facing prosecution and liability for any internal data breach.

  1. Staff accountability

All staff, from HR personnel, to specialist healthcare professionals, IT departments and administrative staff should be on-board with the healthcare institution’s DLP strategy. They should understand it and be actively employing it. This means effectively communicating it to all staff through policies and procedures. Often some of these can be implemented in the actual DLP technology, meaning staff are getting real time updates on how they are using the DLP strategy, what they’re doing right and wrong, and how to improve.

  1. Identification and prioritization

Prioritizing how and what patient information should be deemed sensitive and how much DLP should be applied can be tricky. However, the laws around PHI help with this as they breakdown quite specifically what needs to be protected. From there, it is a matter of figuring out where that data lies and how the DLP technology can protect it.

  1. Audit, monitor and scale

It’s unrealistic to assume that a healthcare establishment, such as a large hospital, can protect every piece of information immediately. Budgeting and resource constraints get in the way. Additionally, new technology is always being implemented in the healthcare industry so rolling out a single DLP strategy that rigidly stays in place for the next decade will not do the job that lawmakers are expecting it to.

Instead, potential sources from which data can leak should constantly be assessed as they arise, data movement should be tracked to look for abnormalities and irregularities. And, audits should take place on how effectively the DLP strategy has been in ensuring the protection of patient information.

US lawmakers are serious about data loss protection in the healthcare industry and the laws around them are enforced, with individuals sometimes facing fines up to $250,000 if they are found to be liable. Ensure that your healthcare institution complies with industry regulations by working with your DLP company to create an effective, well-communicated strategy that protects you and, most importantly, your patients.

5 Ways to Overcome Healthcare Compliance and Security Risks

In order to ensure optimal patient safety and care, healthcare is one of the most standardized industries in the world. Particularly in countries like the US, where liability risks are enormous, hospitals are directing huge amounts of resource to ensure that they are compliant with national, and even international standards, to avoid scrutiny and liability.

The security threat that comes with the increase in mobility and remote technology, means that hospitals also have to be incredibly vigilant about data loss protection (DLP) and the threat that internal sources pose, both maliciously and by accident, in the release of sensitive data. Failure to do so can result in huge fines, a loss of reputation and risks to patient safety. Here are 5 ways that healthcare institutions can look to overcome compliance and security risks:

1.Software

In a study conducted by Ponemon Insititute LLC, it was found that only 23% of respondents in the healthcare industry were using data loss protection software to prevent against internal data breach. A huge amount of resource is often put towards preventing external threats through anti-malware and anti-virus programs but almost half of all data loss comes from internal sources. DLP software addresses the source of all information – how it operates and moves internally – and therefore helps to prevent its movement externally.

2.Communication

Data loss protection strategies, plans and software are only as good as how they are used and enforced. This requires a great deal of communication from IT departments as well as top level staff at healthcare institutions. A DLP strategy must be used by everyone handling patient information, which involves clear policies and procedures for staff to follow to ensure no accidental breaches, preferably integrated into the DLP software in real-time.Of course, a DLP plan that employs certain overrides can assist with this – for instance, blocking the download of data via a USB port, if that is appropriate.

3.Visibility

Visibility and accountability go hand-in-hand when it comes to overcoming security risks in hospitals, particularly those that are internal malicious threats. Employing a system that clearly identifies and tracks the movement of sensitive data, as well as ensuring that user information is connected to that movement, wards off malicious behavior. If the person wishing to release sensitive data knows that there is a higher likelihood that it could be tracked back to them, they will be less likely to do so.

4.Secure encryption

New healthcare protocols globally, and particularly in the US, mean that it is no longer acceptable for hospitals to not be encrypting their data. In the US, this can mean both civil suits and large fines, sometimes up to $250,000 for the individual responsible. The compliance protocols state that any breach that occurs involving sensitive data that was not protected (encrypted) must be reported to the Department of Health and Human Services. Encrypted data that is breached, however, does not need to be reported and is not penalized. It is viewed that the hospital took the necessary steps with a DLP plan to prevent such an occurrence and is therefore, not liable. Investing in encryption is a preventable measure that can significantly reduce large fines and lawsuits.

5.Scaling

Hospitals, as we know, are incredibly large institutions and therefore employing a rigorous DLP strategy to meet with compliance requires a huge amount of resource, which often can’t be met in a single financial year. Working with a good DLP company means that you should be able to employ an effective DLP strategy that takes care of the essentials to meet protocols immediately. But can then be scaled up and be fluid enough to change for the upgraded technology that is always occurring in the healthcare industry.

A good DLP strategy is more than just software. Especially when it comes to internal threats, it’s essential that a DLP strategy understands how people think and behave in order to overcome healthcare compliance and security risks. Preventative measure such as encryption and communication can help avoid the accidental breach of data. Clear visibility and accountability can assist in preventing a purposeful and malicious breach, while also ensuring that healthcare compliance protocols are truly met.

The Shocking Facts About Data Loss Protection You Didn’t Know

Data loss is, quite simply, a reality for businesses operating in the 21st century. It is often thought about as caused by external threats such as cyber attacks. But data loss is also caused by internal threats and is often more dangerous as it can affect companies of any size. We’ve rounded up some shocking facts about data loss protection you need to know about:

Over 50% of critical corporate data sits on unprotected PCs

Remote work has only really started to come into its own in the last five years and it is increasing at a truly rapid pace. Unfortunately, businesses do not seem to be ensuring that their DLP and cyber security plans keep up with the way their industries are changing. Personal computers, particularly laptops, but also home desktops possess the same levels of risk when it comes to internal loss of data. 

Small businesses that experience drastic data loss go out of business within a year

Probably the most shocking statistic for SME and SMB owners. The harsh reality is that, if a sufficient DLP strategy is not put in place, you may lose data via internal sources. Sometimes it’s malicious, sometimes it comes from simply a careless click.

Think about your company’s most sensitive data and what its release would mean in terms of a worst case scenario. Would you be financially liable to the individuals concerned? Would it ruin your company’s reputation? Are you likely to be seriously affected if a competitor sees your intellectual property? If the answer to any of these is yes, you should be seriously considering updating your DLP strategy, or implementing one if you don’t have it already. 

75% of all mobile apps fail a basic security test

Regardless of whether you supply employees with a company mobile or if you have a Bring Your Own Device policy, your employees will install apps on their phone.  This is both an internal and an external threat. The employee installs an app on their phone that does not have sufficient security – an internal threat. The levels of encryption that you have put in place can now be breached – an external threat. A good DLP strategy will see that you have buy-in with your employees to ensure that they know the risk of what they are downloading and outline necessary steps and criteria to follow.

Cyber crime damage costs to hit $6 trillion annually by 2021

And cyber crime is reportedly the fastest growing crime in the United States. While this refers to all cyber crime, not just internal data loss, it still sits as an astounding figure. Data Loss Protection strategies work hand in hand with additional cyber security measures. Many of the precautions you take to protect against internal threats will also protect against external threats but it is essential that you address both so that your company does not contribute to this statistic.

Data loss protection is all about managing risk. You can’t eliminate it completely but its important to stay on top of where the trends and technology are moving to ensure that you have your company and its sensitive data covered. These facts will hopefully make you see the huge global impact of data loss and the effect that a well-communicated DLP strategy can have.

How To Know When It’s Time To Upgrade Your Data Loss Prevention Strategy

Tactics that involve prevention and protection always need constant upgrading, changing and reworking. As technology changes and people find new workarounds, so to do you need to continue finding new ways to upgrade your data loss prevention strategy. Obviously, this can be quite time-consuming and costly for small to medium enterprises, particularly, so a sensible approach is to consider when and why you should be looking to improve your data loss prevention (DLP) strategy. This knowledge will allow you to prioritise your company’s resource effectively to help protect against any breaches.

Know the culprit
While much of the attention about data loss points to outside threats from cyber-attackers, it’s estimated that more than 40% of all data breaches occur internally. These can be intentional, but they can also be due to just a careless click of the mouse. Being aware of how your data could be lost, is the first step to upgrading your strategy.

Assess your sensitive information
It’s not entirely realistic for a small or medium sized company to have a mammoth DLP strategy that protects all of the company’s information to a very high level. Nor do most companies want that as it often comes with an increased level of administration that would significantly decrease an employer’s output, were it to be applied to every file in the company.

So, assessing the files that your company has is crucial to know when to upgrade your DLP strategy. The easiest way to do this is to look at the worst-case scenario for each set of files that your company has. If someone were to accidentally send a file to the wrong person, or maliciously release it to the public, what would the ramifications be for your company, both in terms of financial and that of reputation.

Qualification
Then, qualify your data files into groups – high risk, medium risk and low risk. Most companies with internet security and data loss protection strategies will have all-encompassing security that includes all files, even those low risk. It’s the high risk and, to a lesser extent, the medium risk files that you need to have a strong DLP plan around.

It’s also worth being mindful of whether the strategy covers new files that are created. Is there a process that qualifies this data into the ‘risk buckets’ mentioned above? Your DLP strategy is only as good as how it’s being implemented. If you find that there are gaps when you go through the process yourself, it’s time to look at an upgrade.

Accepting technological change
It can be difficult for companies who have invested a great deal in a solution to look at making significant changes to it. Often there are stakeholders or other parties who may not realise the necessity in doing this and therefore the cause also has to be justified.

However, one of the biggest weaknesses of all DLP strategies is that they are reactive. They constantly have to be told what to look for – the kinds of encryptions and data formats, for instance. As we all know, technology is changing and progressing at an unprecedented rate. Because of this, those encryptions and formats are constantly changing and therefore an effective DLP strategy should be updated accordingly.

So, when? Well, the answer is constantly, but the good news is that there are plenty of affordable solutions of technology that can fill the gaps in your DLP strategy, rather than completely reworking the entire thing – an unnecessary exercise. Software such as classification software can help to combat the issue above and only serves to strengthen your DLP strategy in a cost-effective way.

Although it would be nice to have a set of rules in place to know exactly when to upgrade your DLP strategy, such a set of rules would be unrealistic and not flexible enough to take into account all of the changing variables. Instead, an approach that involves a full assessment, qualification and reworking is best when considering an upgrade.

Data Loss Statistics That Might Shock You Out of Complacency

data-securityWe hear about data loss statistics in the news media from time to time when large breaches occur, often in big multi-national companies or government departments. It’s rare for the news media to report the smaller data breaches as they are less exciting, yet this is where much of America’s data loss is occurring. Internal breaches where employees either accidentally lose data, or do so with malicious intent, happen on a daily basis. These statistics are to help give you an idea of how engrained and widespread the problem is for companies of all sizes:

43% of data breaches are internal
This is an alarming statistic and an often overlooked one. A common misconception is that loss of data occurs mainly from malicious cyber-attackers. While external breaches still count for over half of all data breaches, and are certainly on the rise, internal data breaches are also increasing and account for almost half of all data breaches.

If we were to break that number down even further, half of these breaches were done by accident, and half were intentional on behalf of the employees.

So, what does this mean for employers?
The problem is two-fold so it must be approached in the same way. Firstly, a process-driven approach can significantly lessen the number of breaches that occur by accident. A good data loss protection strategy that is effectively communicated to employees will help to protect companies, regardless of their size.

Secondly, it’s important for employees to consider if there are any environmental factors that may cause an employee to release data intentionally. If there is a high incentive for them to release specific information, such as financial reward or other gain, look at how well that data is protected and whether it is able to be accessed only by employees who need to.

Also look at your company culture and assess whether there is any emotional incentive. Disgruntled employees who perceive, rightly or wrongly, that they have not been well looked after, are often overlooked for the high risk that they present to companies. Sometimes, there’s absolutely nothing an employer can do to stop their employee feeling a certain way, hence the importance of a good data loss protection strategy. However, in many cases, these employees would present no risk at all if companies had sufficient processes and schemes in place that made the employee feel valued.

60-70% of all data breaches can warrant public disclosure
This statistic is the most harmful to the reputation of your company. It comes from an Intel study done in 2015 and is even more relevant now as internal data breaches are on the rise. Broken down, the study found that, specifically, 70% of incidents in smaller commercial organisations, SMEs or SMBs, warranted either public disclosure or had a negative financial impact.

So often, the focus around data breach is on infiltration, or attack from the outside and how to prevent it. However, as studies have shown, many breaches actually come from the inside of small to medium businesses. It’s important for employers and small business owners to take notice of these statistics and consider how they could affect their own companies. Our advice is to be mindful of the data that is in your company’s possession and look at ways to prevent it from being released internally through good company culture and an effective data loss protection strategy.

Enhancing Your Company’s Mobile Security in Ten Steps

Mobile-centric workforces are a present reality, and, more and more, a way of the future. They enable your employees to be anywhere and everywhere, which also means that your company’s precious and sensitive data is moving with them also. So, how to prevent against the threat of data loss from internal sources, both by accident and maliciously? Here are ten easy steps you can take:

  1. Use a lock screen and biometrics technology

Pretty simple stuff but it is very surprising how few companies, particularly SMBs, insist that this procedure is followed by their employees. Preferably employees will have both smartphones and laptops that come with built-in biometrics technology that can identify them through retina or fingerprint verification.

  1. Create a BYOD policy

You may or may not provide employees with devices. If you don’t, it’s important to create a BYOD (bring your own device) policy, where employees follow a procedure on their own devices to bring them up to speed with company security policy. Mobile device management platforms are a great way of implementing these. These procedures should also give you the ability to wipe their phone data remotely in an emergency situation.

  1. Purchase unlimited data contracts

This might not always be possible with budget constraints, but it is the most effective way of preventing employees connecting to unsecured Wi-Fi networks when they are in public places.

  1. Encrypt, encrypt, encrypt

The more you can encrypt the better to prevent ‘leaky’ code or to help prevent data being revealed if it is leaked by accident. File-level encryption protects data on a file-by-file basis, and key and certificate management is also highly important to protect.

  1. Strengthen passwords

Many employees still use old and unsafe passwords, merely because they’ve never been reminded to update them. As part of company policy, ensure that all passwords have to be of a certain strength and changed on a regular basis. This will help against the threat of data loss protection, not only from a mobile security standpoint, but also within the office.

  1. Testing

Ideally comprehensive testing will be included in the network security firm who puts together your mobile security package, but you should also be testing yourself to find any cracks. Upon initial implementation, encourage employees to ‘break the system’ with unclassified information. When the people who will be using the mobile systems are able to get around the technology at the very beginning, it’s likely to happen again and therefore needs to be fixed.

  1. Device protection

More relevant for SMBs with BYOD policies, ensure that the devices used are not jailbroken or a rooted device. This removes the in-built security measures that come with smartphones, which are fairly sophisticated and help to complement your company’s own security policies.

  1. Mobile app choice

When downloading any app on a phone, for both personal and professional use, it’s important that employees don’t download apps that could compromise data protection. Ensure that employees view the download of apps the same way that they view downloading foreign files, or opening spam emails – with caution.

  1. Inform your employees

Further to this, it’s helpful to inform your employees what potential threats could look like. While these are technically external threats, you can reduce the internal threat of employees clicking on harmful phishing links by educating them that these could come from banks, tax departments, the Board of Directors, and what to do if they’re unsure.

  1. Update the technology

Software updates for laptops and mobile devices generally include a large number of security patches and updates. Ensure that you and your employees are as protected as you can be by updating as soon as the notification comes through.

Many employees don’t have any intention of leaking a company’s sensitive information, they are just totally unaware of how they are inadvertently doing it. Creating a workplace where employees are taught to view mobile security as an important part of their job, whether it’s disconnecting from public Wi-Fi areas, or strengthening passwords, it helps to educate and empower them to start taking mobile security into their own hands. This, combined with mobile device management platforms that help to protect against internal loss that occurs intentionally, will ensure that your company has a solid mobile security policy.

How to Use Prioritization to Enhance Your Data Security

Data loss prevention and data security can sometimes feel like a daunting and money draining task, particularly for SMBs. But cyberattacks and loss of data can be some of the biggest risks an organization can face in this modern-day climate. Companies don’t need to be big-name enterprises with large IT departments in order to operate as a top-performer in data loss prevention. When it comes to protecting companies and individuals from data loss, prioritization of data protection is key to successfully managing security, while still operating a well-running company.

  1. Knowledge is power

There are many studies that suggest that around one third of all companies lack sufficient policies for data encryption, classification and security. Knowing the risk and how your company might be affected is the first step towards data security.

  1. Consider the options

What is actually realistic for your business? While it is tempting to get caught up in the sophistication and benefits that some of these security systems hold, it’s important to prioritize what your company really needs for full protection. Extra benefits are nice-to-haves, and most security companies will scale plans up and down, so these can easily be considered once a working plan is in place.

  1. Learn about your company’s data

Back to the first point, knowledge is power – in order to be able to optimally prioritize data for security purposes, you need to know about your company’s data. What it does, who uses it, and how it moves around your computer systems. Depending on the size of your company, there are some mapping tools that can be put into place to assess this but you should also be looking for a general feel. In addition to the sophisticated software that’s out there, there’s an element of common sense to data security – if you think data could escape a particular route, it probably can.

  1. Top down data prioritization

Once you know the ins and outs of your company’s data, it’s important that you begin to assess the risk that a breach in data security poses for the different kind of files your company possesses. The higher the risk, the more priority needs to be given to ensuring that the data security around those files is impeccable.

  1. Balance it out

Bear in mind that often the more security and process you place around data, the more administration you are placing on your employees. Policies and verification processes all take time, and this adds up if it is manual time on each and every file the employee is using. Consider the effect that the loss of a particular piece of data will have on your company if it is released from your secure system. If the consequences are not high, and it’s much more effective for your business to run efficiently without cumbersome processes around those files, then go with that.

Prioritizing the kind of security that you employ to protect your company, and how you implement it, can sometimes mean the difference between being able to install security and data loss prevention plans in your company, or becoming like the one-third of businesses that have not done so. With these simple techniques, you should be able to efficiently breakdown and prioritize how to effectively go about protecting your company through data security.