The risks
- Theft, inadvertent loss or unauthorised replication of data on portable devices (such as laptops, tablets, smartphones and USB-connected devices).
- Data being inappropriately emailed.
- Data being inappropriately uploaded to a website, ftp site or cloud-based storage.
- Data being inappropriately printed.
- Data being removed from the company on a CD or DVD.
- Illicit removal and potential use, passing on or sale of data by departing or corrupt employees or those bearing a grudge.
Protect your data
There are a number of methods that you can use to protect your data:
- Conduct a risk analysis by reviewing the information stored on the company network, in the cloud and on individual devices, who has access to it and the consequences of its loss.
- Establish document classification in order to identify categories of confidentiality.
- Control who has access to what data by setting access levels.
- Establish and enforce clear policies about what employees can do with confidential or business-critical data. Educate the workforce.
- Educate staff on diligence about data access authorisation and email recipient and cc lists.
- Ban or restrict the use of portable devices.
- Disable USB ports by either electronic or physical means.
- Establish a clear BYoD (Bring Your Own Device) policy.
- Encrypt corporate data.
- Consider purchasing a commercial Data Loss Prevention solution.