Glassdoor reported recently that 35% of hiring decision makers expect more employees to quit in the upcoming year than in the previous year, with the most common reason for quitting being salary dissatisfaction.
In light of this expected turnover, it's especially critical for companies to protect confidential business data and intellectual property which could be utilized for malicious purposes including being sold or accessed by competitors, utilized in blackmail, or negatively impacting company operations or reputation. As the saying goes, once data walks out the door, it's gone.
The foundation of proper data protection should begin with a combination of company requirements and system controls to mandate acceptable behavior.
Policies can set a framework of expectations for appropriate user behavior and how to address security concerns.
In addition, system controls involving the securing of data through permissions, blocking access to external hard drives, utilizing encryption, leveraging monitoring and alerts and implementing data loss prevention mechanisms can also be helpful.
However, policies and controls aren't necessarily sufficient to achieve success in data protection endeavors - companies need an overall data governance mindset; a comprehensive perspective which should apply on a daily basis to the use of and access to information.
I spoke with Peter Merkulov, CTO of Globalscape, regarding the topic. According to Merkulov, data theft is more common than IT pros might think. He related a tale regarding a research scientist who was sentenced to an 18-month prison term for stealing proprietary company information from chemical giant DuPont, data valued at $400 million.
More troubling, Merkulov pointed out that "while an employee can take information with them maliciously, they may also do so unknowingly." In other words, malicious activity as well as careless or ignorant behavior can increase the risk of compromised data to an organization. This is why it's important for IT leaders to be proactive about their data management and protection strategy, he added, and explained how the following three techniques can assist.
Compliance mandates like the EU's GDPR and NIS Directive will require organizations to know exactly where their data lives in order to stay in compliance and avoid major fines.
PCI, Sarbanes-Oxley and HIPAA regulations also have specific criteria for managing data which should be investigated and applied depending on the relevance to your organization.
Focus on the personnel and tools available or which can be designated for utilization. Developing a successful data governance strategy requires IT leaders to assemble the right team and resources then to be willing to enforce rules and restrictions across the entire organization.
