Best Practice Tips for CIOs: How to Prevent Information Leaks
The U.S. government established Data Privacy Day four years ago. Unfortunately, a lot of the primary concerns that led them to recognize the challenge of data privacy are either still here or are even stronger. Businesses are encountering a barrage of data-stealing attempts daily. From tarnished brand reputation to regulatory fines, the adverse impacts of these data breaches are clear. A single incident of data loss can erode a business's competitive advantage, weaken consumer confidence and result in fines or penalties from regulators.
Yesterday, I was discussing this with some peers. Together we came up with a few best practices to help stop data breaches and their damaging repercussions. Here are a few of the suggestions we came to agree upon:
- The web channel is one of the most compromised data loss vectors. Your security plan should incorporate user and business unit-based policy requirements for uploading data to the web.
- Users often interact with sensitive data while off the corporate network. Remembering this and taking precautions for off-network endpoint protection can pay dividends.
- Implement a strong and enforceable encryption policy for sensitive data being transmitted to USBs.
- Before purchasing or deploying any security solutions, have a methodology and execution strategy established.
Ultimately, data breach prevention isn't just about stopping data from escaping. An effective approach looks at monitoring both inbound and outbound traffic to: distinguish and stop data stealing attacks from getting in; assess in real-time and possibly take action to prevent data moving out of your control; and do this in a manner that doesn't slow down the legitimate communications that businesses need to function.
What is the single most effective action you have taken to stop data loss in your organization?