usbcopynotify
Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.
Data Protection … Keeping it simple.
Data Theft Prevention for the SME.
It is about common sense, not software!
Do you have important data on the computer?
• Customer Information
• Technical Drawings / Source Code
• Financials / Employee Information
• Marketing / Contact Information
• Quotations / Agreements / Contracts
• Personal Information
What will happen if the data gets stolen?
• Loss of Business
• Financial / Revenue Losses
• Productivity Losses
• Intellectual Property Losses
• Loss of Reputation
• Legal Liabilities
Cause of a Data Breach
[Pie chart: Root Cause of Data Breach. Segments as listed: Malicious or Criminal Attack, System Glitch, Human Factor. Values as listed: 36%, 29%, 35%.]
Data Breach Study 2013 – Ponemon Institute
Higher Risk of insider Data Theft.
• Sudden resignation of employee / partner
• Employees joining competitors
• Family relations in competing company
• Staff starting their own similar business
• Employees being laid off / fired
Some Possible Signs of Data Theft
• Request for purchase of USB Pen Drives
• Working when no one else is there
• Personal Devices being brought to office
• Your information appearing in the public domain
• Identical Products and all your customers being contacted suddenly
Common Ways of Copying Data
• Physical Theft
• Print Outs
• USB, CD/DVDs, Hard Disks
• Laptops / Tablets / Smart Phones / Mobiles
• Internet / Remote Access / Messengers
Industry Wise Data Theft Distribution
[Chart: share of data theft by industry. Industries as listed: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values as listed: 17%, 14%, 14%, 12%, 11%, 9%, 8%, 3%, 3%, 3%, 2%, 2%, 1%, 1%.]
Data Breach Study 2013 – Ponemon Institute
Costs of Data Breach
• Number of Records Breached: 26,586
• Cost of Data Breach: Rs. 5.4 crores
• Average Notification Cost: Rs. 12 lacs
• Average Cost of Lost Business: Rs. 1.5 crores
Data Breach Study 2013 – Ponemon Institute
Legal Liability Cost
• IT Act (2008) – 43A: Compensation for failure to protect client data can be up to 5 crores.
Legal Liability Cost
• IT Act (2008) – 72A: Punishment for Disclosure of Information in Breach of Lawful Contract – imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
So now what?
Do not think ‘software’ only ... Think first about what happens to data in the office.
Do you even know what data you have?
• Where is your data stored?
• Which information is considered sensitive?
• Who has access to it?
• Do all PCs require all the data?
• What about data on portable storage?
Data Theft without software. (1)
• Education of employees / contractors about IP / Company Data / Customer Data
• Agreements and Understanding of Non Disclosure
• Strict action against non-adherence to company policies
Data Theft without software. (2)
• Secure Physical Devices / PCs / Laptops
• Secure Offices Portable Storage Devices (USB, CD/DVDs)
• Who can sit at which computer
• Disallow Unauthorized Devices/PCs if possible.
You cannot steal what is not there..!!
• Archive / Backup Data not being used
• Delete Data not being used
What about inventory?
• How many PCs / laptops?
• What is the h/w configuration of each PC?
• What is loaded on each PC - OS, software and data?
• Inventory of removable / portable storage.
• Inventory of portable modems.
What about the basic network?
• Do you have a Server?
• List of Machine Names / IP addresses
• Does everyone have user name / passwords?
• Do you allow Remote Access?
• Wifi / Wired?
• Internet Connection Single Entry?
User Account Policies: Dynamite against data theft.
• No empty / default passwords
• Passwords should expire
• Strong Passwords
• No Common Passwords
• Privileges / Account Deletion
• Remote Access
Reckless Wireless Routers.
• No SSID Broadcast
• No Wireless Configuration
• MAC IDs
• User Name / Password Security
• Change Default Password
‘MUST’ Software
• Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
• Regular Updates of AV / Operating Systems
• Regular Patches of OS and Software
• User Access / Privilege Management
But Anti Virus is NOT enough to stop employees stealing data!
Stepping towards Basic DLP.
• Internet Access Control – Websites, Protocols, Firewalls, Proxies
• Device Control – USB, CD/DVDs, Modems, Bluetooth
• Upload of Data – Browser Based Uploads
• Encryption
Humans, Common Sense and Policies!
It will surely help – all the best!