Data Loss and Prevention: 4 Sure-fire Ways to Protect Your Business
Data loss and prevention isn’t usually a topic of conversation. But as business leaders and owners, department heads and managers, sales and marketing teams, accounting departments and end users are all busy creating data and tons of it-it needs to be on the front burner. Obviously, this information runs your business; it may be the most valuable asset you own. Mobility is now being accepted as a way of life. Folks need, want (and likely have) access to sensitive data on many devices including PC’s (at home and at work), tablets, and smartphones. And with the dawn of a new era of wearable technology, it won’t be long before your data will be living on an Apple watch too! So the question is: are we losing control on where this data is being stored and what should we be doing about it? Here are 4 data loss and prevention policies everyone needs to adopt:
1. Data Storage Policy
Do you store your data appropriately or just as a matter of convenience? Is it being stored on the server? The desktop? In the cloud? Do you even know? The reality is unless you have a policy that dictates where the data needs to be, it will go wherever the user finds it most convenient. Got a (sensitive) file you need to take home? No problem, just copy it onto your tablet/phone or toss it up onto your free Dropbox account. Simple and easy for the user but a nightmare for the organization especially if you are bound by compliance and something gets lost or leaked. And how many copies of that one file do you have and what are you going to do if/when that person leaves your firm? Research would lead us to believe that when sales execs leave, more than 75% take your data with them. This includes contracts and invoices, your CRM database, emails, spreadsheets and documents, current pipeline, etc. Access to information can be made safe and secure with proper policy. If you are concerned about data loss and prevention, this is where it starts.
2. Backup, Disaster Recovery and Business Continuity
Are you still using tape? Are you swapping out consumer-grade USB hard drives that you bought at London Drugs? Do you have a process for ensuring your backups are working? Do you have a disaster recovery plan (proven to work) or better yet, a business continuity plan in case of a massive catastrophe?
Any company that values its data (that’s everyone, right?) needs to be regularly testing its backup process by way of trial restores. This should be done at least monthly. And daily checks need to be made to ensure the backups worked in the first place. Given the technology of the day, this is an easily automated process. If you are still using tape or USB drives, this is more critical than ever.
If you use a process that backs your data up to the cloud, is it capable of restoring your entire site in less than 24 hours? Many online backup systems don’t have the ability to courier your data to you on a portable drive should you need it and I can promise you that you don’t want to try to download multiple terabytes of data over the wire. What if it actually fails and you need to start over again?
Finally, your online backup should come with an ability to be accessible in the cloud in case your catastrophe includes the total destruction of your office or site.
3. Maintenance and Monitoring
Fixing problems before they happen is by far and away the easiest way to safeguard your company against data loss. Regular maintenance isn’t just for cars and furnaces (sorry, I lost my furnace this winter? brrrr!). A routine maintenance schedule will go a long way to resolving problems before they can take root. By the same token, monitoring systems for signs of trouble is also another effective way of ensuring problems can be stopped before they start.
4. Security, Internal and External
No one wants to be hacked. It’s expensive and embarrassing and can cripple an otherwise bullet-proof company. Truth is, there is no network on the face of the planet that can’t be breached; if they want in, they’ll get in. But with today’s commercial-grade firewalls (couple with proper antivirus and patching strategies), you can reduce that risk down to almost zero.
Consider this: if you park your car on the downtown east side, and you remove all your valuables, and leave your empty glove compartment open, and you have a car alarm, do you think they will go after you or the next vehicle where the owner was dumb enough to leave all the wedding presents on the back seat? Same thing with external network security. Leave yourself exposed and you will get hacked for sure. But put up enough of a front that makes it hard for you to be targeted and in most cases, they’ll look for the easy mark.
The bigger risk by far to your information, is internal. By adopting the strategies in points 1 and 2; along with regular audits of file and folder rights, you can also greatly mitigate the likelihood of data loss. You also need to be sure to remove users as they leave the company. Don’t leave them lingering as they can be a source of hacking, both from the inside and the outside.
Need help putting together a more effective data loss and prevention strategy? We’ve been putting out fires before they start for over 20 years. Contact us today!