When it comes to the the prevention of data loss, do you know how secure your business data is? You may have systems in place to prevent cyber attacks or software that filters out malicious emails, but what about issues that could occur closer to home? Employees may be innocently storing information in vulnerable Cloud systems or mobile devices that puts data at risk.
Data loss prevention is the practice of implementing or improving business processes to prevent data breaches, ensure sensitive data isn't lost and that it can't be accessed by unauthorised users. Protecting data ensures compliance and lowers the risk of fraud or legal action against a business.
It's important to determine what data you're trying to protect and the objective for protecting it. Organisations that process personal information such as Protected Health Information or Payment Card Information will need to ensure compliance with laws such as GDPR and HIPPA and be aware about reporting to the Information Commissioners Office.
Those with Intellectual Property to protect such as product names, logos, packaging designs, bespoke products etc. will need policies in place to follow, such as how to register a trademark, where to fill out a patent or who to register a domain name with.
Organisations also need to think about where information is stored in order to prevent data loss. Paper documents left or desks or filed in unlocked cabinets pose a huge risk. Likewise, employee information such as bank details and medical information saved in network folders could be accessible to other employees with prying eyes.
88% of data breaches are caused by human error and with up to 90% of the data in Office 365 being unstructured, there are significant risk mitigation challenges for IT teams as well as an increased risk of data loss.
In OneDrive for example, if a user accidently deletes a file it can be difficult or in some cases impossible to get it back. Additionally, if an employee with access to these applications leaves, how do you stop them downloading information once they've gone?
Organisation's should look to adopt software solutions that come with Data Loss Prevention (DLP) capabilities that work across emails, as well as files uploaded and changed within Cloud storage apps.
Document management software is often the solution for many businesses when looking to prevent data loss as built in security features such as rights based permission, encryption and back ups come as standard.
Providing protection from unauthorised access while enabling employees to carry out everyday tasks means there needs to be various levels of authorisation.
The IT Manager shouldn't be able to see sensitive HR documents and a new member of staff shouldn't have editing rights to legal documents such as invoices or contracts.
Whatever the requirement, any chosen document management software needs to have a well defined rights system for accessing and editing documents across different roles within the business. It should also show what documents have been viewed and edited, by who and when.
To go even further, some systems will allow access to be controlled on individual documents, and for very sensitive data, a high security mode is used where documents are encrypted further so they can't even be accessed by a systems administrator.
When it comes to preventing data loss it's essential to have a back up of documents to protect against any fire or flood damage. And while back ups are so important, sometimes they may not be enough. What about how your documents are organised too?
Any database used, along with index criteria also need to be backed up. Saving the document itself is one thing, but being left with a mass of documents that are no longer categorised means there's no easy way of finding information.
When implementing document management software it makes sense to use a solution that stores index criteria in a separate database from the documents themselves. This allows basic backup solutions for both documents and databases.
The prevention of data loss needs to be a priority for all organisations no matter what the size to ensure compliance with government and industry regulations. Can your organisation guarantee information safety alongside traceability of what information has been accessed and when?
We'd love to speak with you to discuss your requirements.