Recent high-profile data breaches such as the TJX case mean you can no longer be lax about data leakage. Read this white paper to find out how to adequately protect your organization and also prepare for a breach.
Data leakage:
The stealth threat to businessCompanies have spent the last few years
learning to deal with inbound malicious content
like viruses, Trojans, spyware and spam.
But implementing firewalls and putting anti-virus
and anti-spam software at the gateway have failed
to deal with a threat that has stealthily been
growing in importance and impact: data leakage. Data leakage happens when confidential business information - In December 2006 retailer TJX announced that information from 45like future plans, budget details, forecasts, customer data, source million credit and debit cards from transactions in 2003 was stolenby hackers from its computer systems. The company couldn'tcode or design specifications - leaves your company; or when determine the extent of the breach or what customer informationemployees or others see material they shouldn't, like payroll, may have been compromised, nor could it quantify the financialredundancy or other personnel data. impact of the breach. One credit union sent The TJX Companiesan invoice for $590,000 to cover the monetary costs andData leakage can put you in breach of external regulations reputational damage that the financial institution says it incurred asa result of the data breach.because you can't record and recall the information you're legally obliged to. Sources: http://www.vontu.com/uploadedFiles/global/Ponemon-Vontu_US_Survey-Data_at-Risk.pdfAnd it happens when you can't control the content your people (http://www.computerworld.com/action/article.do?command=viewArtsubmit to blogs, Wiki's and Web 2.0 social networking sites. icleBasic&articleId=295516&source=rss_topic82
The compliance issue is a major reason why data leakage isbecoming such a high profile challenge. Today senior managershave a legal and social responsibility to prevent data leakage andcan be sued, lose their jobs or go to jail if they fall down on theirresponsibilities. Everyone from the boardroom to the mailroomis accountable for ensuring that corporate information remainsprotected, consistent, accurate, transparent and accessible.
Loss of IPTypes of data leakage A US software company hit the news when source code and keyThe data leakage problem has outbound, internal and design documents were stolen from its R&D centre in India. Anew employee had a used a web-mail account to upload the data.inbound dimensions. Development at the centre was temporarily stopped asOutbound data loss management tried to track down the code and stop it spreading.But the news story had already run all around the world.The types of data lost through the gateway (email, web and IM)are numerous:. Loss of IP and other sensitive corporate information like Breach of PII.financial forecasts, budgets, competitive data, marketing A list which contained the details of 4,500 AIDS patients andanother 2,000 HIV-positive people was mistakenly emailed to 800plans etc medical staff in California. Proper outbound content filtering could. Loss of sensitive customer data such as personal credit have prevented the leak.information (PCI) or purchase histories . Loss of personally identifiable information (PII) like socialsecurity numbers or patient records. Content appearing on Web 2,0 and social networking sites
Intellectual property and other sensitive dataBusinesses are extremely concerned with protecting patents,trademarks, brands, trade secrets, designs, architectures,copyrights, algorithms, software code, hardware schematics,inventions, business processes, and many other corporateassets. Gone are the days in which intellectual property andcorporate secrets were kept safe in locked cabinets behindguarded doors. Today, nearly all corporate information exists inelectronic form, accessible to almost any employee.Additionally, email has become the de facto filing system formuch of this information, making it even more critical to protectthe outbound flow of messages.Compliance issues Data goes nuclearIn June, 2005, sensitive information about nuclear power plants inOutbound threats don't stop at the potential loss of customer Japan was leaked over the internet from a virus-infected computer.data and price lists. Every time an employee hits "send," The confidential reports were posted to a file-sharing site after anengineer's laptop was infected with a virus while working at home.evidence for or against the company is created. Under the legal The lost data included phot... [download for more]
