Benjamin Franklin’s famous axiom is as true today, regarding data loss prevention (DLP), as it was when Franklin first said it. While Franklin was actually addressing “fire safety,” data loss incidents today can cause organizations, both large and small, to “get burned.”
Many IT chiefs are spending the vast majority of their precious budgets trying to update their “eggshell defenses” to keep script kiddies, hacktivists and possibly state-sponsored hackers at bay. However, this “crunchy on the outside” defense tends to leave the middle, generally the data, vulnerable and unprotected.
It may come as a surprise to some, but according to a recent Symantec study, over 50% of all data breach incidents were not from hacker attacks on the eggshell, but originated from inside an organization. Most of these inside breaches resulted from well-meaning employees just trying to do their jobs. Whether the breach was initiated by an employee downloading sensitive data to a thumb drive or sending the data to a home email account, each threatens the integrity of the organization’s security policy if left unmonitored.
The “Hall of Fame for data loss incidents” continues to grow every day. It’s hard to turn on any news channel and not hear of some large corporation that just had an incident affecting many consumers. However, a simple search with any popular search engine will quickly lead to many of the lesser-publicized breaches affecting the “Average Joe,” the everyday small and medium-sized business (SMB).
For example, there is a small medical clinic in the upper Midwest which specializes in treating people with HIV or AIDS. An employee accidentally sent a mass email revealing the names of over 170 patients diagnosed with AIDS. According to a news article covering the story, someone could possibly face misdemeanor charges as a result of the breach, while the clinic faces potential civil damages starting at $2,000 per patient. The email blunder is a critical violation of state and federal laws created to protect patient privacy.
Whatever your line of business, EVERY organization has sensitive information that, if accidentally released, could be damaging not only to its reputation but also to its staff. It could be as simple as employees’ sensitive Personally Identifiable Information (PII). Such information includes biometric information, medical information, personally identifiable financial information (PIFI) and unique identifiers such as passport or Social Security numbers.
Data Loss Prevention technology is analogous to having an insurance policy for your car. While you don’t expect to have an accident every day you drive your car, it does allow you to sleep peacefully at night, knowing you will be covered from loss should the unexpected occur. Today’s DLP solutions can be procured and implemented for a fraction of the cost of even a small data breach. I’m sure if Ben Franklin were running any IT organization today, a strong DLP program would be a top priority to ensure “data safety.”