Data breaches happen all too frequently, and at great cost. Just recently, Adobe announced that its customer database was breached, with customer IDs, passwords and possibly credit card info stolen. In July, 4 million patient records were stolen from the Advocate Medical Group.
And in a deeply worrying report, a security researcher revealed that identity thieves have been accessing U.S. consumers’ personally identifiable information (PII) from the servers of major data aggregators for the past two years.
This isn’t just embarrassing for the affected companies. The cost of a data breach for victim organizations is staggering. According to the Ponemon Institute, the average cost of a data breach in 2012 was $4.8 million in Germany and $5.4 million in the U.S.
You might be thinking: OK, I get it. So what can I do about preventing data loss?
Well, you certainly need to have the right data control technology, such as our Secure Email Gateway or our dedicated Email Appliance. But you also need a defined strategy. Your DLP strategy should have multiple levels, consisting of content monitoring, data encryption, and policy compliance.
Here are some tips to help you develop and launch your DLP strategy.
1. Understand what industry and government regulations impact your organization. Be sure to know which laws apply to you in your region. If necessary, consult a corporate attorney to get clarity on detailed requirements.
2. Identify the types of data you have within your organization. For example, you should identify data covered under regulations and your valuable intellectual property. Determine where this data resides so you can identify the systems you need to monitor.
3. Evaluate the risk and impact of a data breach for each data type. Based on this information, prioritize risks and address the most serious first.
4. Educate users. User training, guidelines and acceptable use policies are critical to the success of your DLP strategy and should be factored into the project alongside any IT activities.
5. Deploy data protection technologies to prevent accidental data loss. Accidents happen—people lose laptops, or send emails to the wrong address. Protect against data loss by deploying security solutions such as content control, device control and encryption to render data unreadable without a password.
Here’s one more tip: Download our free whitepaper Don’t Let Data Loss Burn a Hole in Your Budget. This paper guides you through the steps necessary to implement a practical DLP strategy (registration required).