Despite concerns over data loss, security experts and consultants say that not all companies are savvy about the risks of information loss.
The way companies set policies and governance around bring your own device (BYOD) use, the cloud, data sharing and other issues is critical to avoiding the loss of data and thousands -- or possibly millions -- of dollars.
Companies must establish data loss prevention strategies to protect their business. It's not enough for them to implement disaster recovery practices alone; they need to take proactive steps.
Mobile data security strategies should include measures that apply not only at the employee level but also throughout the chain of command. C-level executives need to understand how much data could be lost when employees routinely store files in their Dropbox accounts. IT departments have to help executives understand the implications of unsecured data and access to corporate systems.
In the BYOD and cloud era, enforcement of data loss prevention strategies and policies cannot be done by a single department. Different parts of the business must collaborate on security. Employees need to follow a set of best practices to preempt any potential security breaches. Executives need to conduct a cost analysis of potential data loss scenarios. Legal departments need to understand the implications and consequences of exploited vulnerabilities.
IT departments' best insurance against a disaster is to establish a proactive set of data loss prevention strategies and policies. Some of these policies involve technology, and some are personnel-related.
Recommended strategies include the following:
Education. Educate all employees on data loss prevention strategies and the risks involved in using public and private clouds. Provide frequent refreshers. Do not make the mistake of educating only new hires or holding occasional seminars or online classes. Make security and data loss prevention a part of each employee's education and review the policies periodically to ensure that the issue is at the top of employees' minds. Teach employees how to keep files secure when using cloud-based services.
Trust. Trust employees to follow company guidelines to prevent data loss. They don't necessarily have malicious intent when they take sensitive data outside the company. They want to meet deadlines but may be unaware of the risks to corporate data. Trust employees to try to keep company data as safe as possible.
Executive involvement. Encourage company executives to be proactive and understand what a potential data loss could do to their business. They must know not only what valuable data might be lost, but also the costs and legal implications.
Digital tags. Understand what types of data you want to protect and classify them. Digitally tag data, tying it into access management rights. This allows employees to see only certain types of documents. If an unauthorized employee or hacker gains access to data or a file is inadvertently shared with the wrong person, the person will not be able to decipher what's on screen.
Build lines of defense. An organization's defense plan must take into account the risks of data loss and still be flexible for unforeseen situations. Work with everyone, from the security expert in the IT department to the CEO, to create policies and best practices for mobile data security.
Share the knowledge. Collect different points of knowledge and share them across departments to correlate what's happening with corporate data. Identify the places where corporate data needs the most protection.
Executives should set mobile data security as a priority, and IT can then set and enforce corporate policies for employee use of cloud computing services. The development of enterprise data loss prevention strategies can happen only with collaboration among the management, IT, legal and finance departments. Only with proactive and enforceable policies can enterprises protect sensitive data in the BYOD and consumer cloud era.