The State of Data Security: Defending Against New Risks and Staying Compliant

  • What Does Data Protection Mean to my Organization?
  • Why Every Organization Needs to Protect Personal Information
  • The Cost of Data Breaches

Today’s IT and business managers must take a hard look at the risks and costs of potential data loss. Creating a proactive data security plan arms you with the knowledge you need to manage the risk and helps you to stay compliant with data protection rules and regulations.

We all know that data breaches are constantly in the news; in fact, security breaches have compromised more than 500 million U.S. records since 2005. Plus, lost data due to human error or negligence is just as much of a threat. Fortunately, it's much less expensive to prevent a breach or other data loss incident than it is to respond to one and resolve it after the fact.

Recognize how your data can become vulnerable, including the latest issues stemming from unprotected data on mobile devices and social media sites. Understand the compliance issues involved, and identify data protection strategies you can use to keep your company’s information both safe and compliant.

What Does Data Protection Mean to my Organization?

Today's IT and business managers must take a hard look at the risks and costs associated with potential data loss and have a plan in place to manage those risks. At the same time, you need to stay compliant with data protection rules and regulations.

Data issues exist for small and medium-sized businesses as well as for large enterprises. As an IT practitioner, you first need to discover and control data. Then, you can put an effective data protection strategy in place. Recognize how your data can become vulnerable, including the latest issues stemming from unprotected data on mobile devices and social media sites.

According to the Identity Theft Resource Center, at least 662 data breaches occurred in the U.S. in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit card or debit card data. The majority of these attacks were malicious hacks or insider theft.

Why Every Organization Needs to Protect Personal Information

Data can leave your network and your control in many ways, including through unprotected servers, desktop computers, laptops, mobile devices and email messages. And, cybercriminals may use malware to get into your network to destroy or steal your company’s valuable information. This is why protecting sensitive and personal information is essential.

CSO magazine's 2011 CyberSecurity Watch Survey found that 81% of respondents' organizations experienced a security event during the past 12 months, compared with 60% in 2010. Twenty-eight percent of respondents saw an increase in the number of security events as compared with the prior 12 months. Today's connected world makes it easier than ever for companies to collect personal information, often for completely legitimate reasons.

Personal information is any information that someone can use to uniquely identify, contact, or locate a single person, or use with other sources to uniquely identify a single individual. This information typically must be protected by law. Credit card numbers from a retail sale, Social Security numbers on tax forms, bank account information for online bill payment, medical details from a doctor's visit, and names, email addresses and birthdates entered on any Internet site registration: this data all resides in the databases of various companies, which often share it with third-party vendors to perform a wide array of outsourced activities.

Figure: Number of Security Events During the Past 12 Months vs. the Prior 12 Months

Businesses in every industry need to pay attention to a myriad of legal requirements involving personal information security and related policies. And, if your company deals with financial, government, healthcare, education, energy or retail data, you're likely to face even more stringent regulations.

A series of legislative measures exist today to limit the distribution and accessibility of personal information. From the Gramm-Leach-Bliley Act (GLBA), to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule, to the Health Information Technology for Economic and Clinical Health (HITECH) Act, to the Federal Information Security Management Act (FISMA), every industry has its own "alphabet soup" of regulations, guidelines, and standards to keep information safe.

The Cost of Data Breaches

As these examples show, data breaches can not only harm the consumer whose data is lost, but also pose significant costs to the organization.

A recent OnePoll survey demonstrates the impact of indirect costs. The survey found that about two-thirds of U.K. consumers would try to avoid interacting with firms that they knew lost confidential information. The Ponemon Institute adds that the potential expense of losing customers to a security breach is prompting U.S. companies to spend more on bolstering protection for their systems.

This only makes sense: you need to find the right balance between what it costs to protect your company’s data and what you stand to lose. Ironically, the Ponemon Institute reports that companies that respond quickly to data breaches pay more than companies that take longer to respond—in 2010, they paid 54% more. So, why does it cost more to “do the right thing” as soon as possible?

New Ways Data Become Vulnerable

So, how does data become exposed and leave company networks? A number of factors can make your organization’s data vulnerable to loss or theft. Simple human mistakes, malicious cybertheft, technology failures and emerging technologies all contribute to the problem. The use of mobile technologies and the blending of at-home and at-work technologies—the so-called “Consumerization of IT”—are some of the newer causes of data vulnerability.

Malicious Intent

Another type of human risk is the nonaccidental type—it’s born of malicious intent. External hackers look to gain access to valuable data; disgruntled employees try to damage something within their company or steal information for personal gain. Malicious intent is also at play in the theft of laptops or other devices that contain company information. And, attacks get more sophisticated all the time—the recent malicious attack on RSA demonstrates that even professional security firms are in the crosshairs today.

Technology Failures or Glitches

Sometimes people are not to blame. For instance, if an automated service fails or if data is stored on the Web inappropriately, an unintentional leak of proprietary data can occur. In addition, new or updated technologies may have undiscovered weaknesses, allowing malicious attacks through these vulnerabilities—a good reason to keep up with regular security patches.

Are You Doing All You Can to Keep Your Data Safe and Compliant?

To take charge of information security, you’ll need to look at it in manageable pieces. There are three components of an information security strategy: the things you’re required to do by law; the operational processes and procedures you put into place; and the technology tools you use to get the job done.

It’s useful to think of the technology tools in four categories, each one supporting a different facet of information security, yet building on one another for a layered approach to protection. Here’s an overview of how Sophos provides layered protection:

  • Encryption: Sophos makes it easy to securely share data with proven full-disk, removable storage and email encryption. Our SafeGuard Enterprise solution enforces policy-based encryption for PCs and mobile devices across mixed environments.
  • Threat protection: You need a solution that proactively detects zero-day threats and reacts quickly to attacks. With Anti-virus, Live protection and Web protection, Sophos has you covered.
  • Data loss prevention: Sophos offers a unique and simple solution for data loss prevention (DLP). We integrate content scanning into the threat detection engine and include a comprehensive set of sensitive data-type definitions to enable immediate protection of your sensitive data.
  • Security controls: You can create a secure IT environment for your company by addressing the sources of infection and preventing incidents. Sophos provides network access control, application control, device control and file type control, which all help reduce threats.

Jack Suri