Chances are good that your client’s company is storing sensitive information on their servers and this could become a major problem if they were to experience a cyber attack or other issue resulting in loss of private or confidential data. There are some hard costs to repairing the damage done when an issue of this magnitude arises, and the reputational damage alone could ruin most businesses.
Data loss prevention (DLP) and data loss insurance should be a top priority for anyone handling credit card information, health records, or other private and confidential materials. Data loss prevention is typically defined as any solution or process that identifies confidential data, tracks that data as it moves through and out of the enterprise and prevents unauthorized disclosure of data by creating and enforcing disclosure policies.
Since confidential data can reside on a variety of computing devices (physical servers, virtual servers, databases, file servers, PCs, point-of-sale devices, flash drives and mobile devices) and move through a variety of network access points, but there are a number of solutions that can help resolve the problems associated with data loss, data recovery and data leaks.
Invest in data management, prevention tools
Now that a great deal of the work performed by traditional endpoints, (such as desktops and notebooks), is constantly being augmented by tablets and smartphones, data management strategies should be revisited. Ensure that clients make it clear to data owners and stewards that they need to understand that they have an obligation to protect all sensitive data.
They should also invest in the use of data loss prevention tools at network gateways, as well as on systems in departments that manage confidential and sensitive information. Mobile phones should have the same security requirements as notebooks. Require encryption, pass codes, anti-malware and screen locking on all portable devices.
Technology can only assist in backing up good practices and procedures, so they’ll need to develop a security awareness program that addresses risks identified by the organization. Training of the support providers, both in central IT and other support organizations, on how to secure their systems and network infrastructure is crucial to the success of the program.
Security guidelines and procedures should be in place to address new concerns that will most certainly arise. Strategies should be reviewed annually and updated as needed. With that said, there’s no substitute for data loss insurance for times when disaster strikes.