Data Protection, Humans and Common Sense
DESCRIPTION
Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention software is just one of the means and definitely not the end.
TRANSCRIPT
Data Protection … Keeping it simple.
Data Theft Prevention for the SME.
It is about common sense, not software!
Do you have important data on the computer?
• Customer Information
• Technical Drawings / Source Code
• Financials / Employee Information
• Marketing / Contact Information
• Quotations / Agreements / Contracts
• Personal Information
What will happen if the data gets stolen?
• Loss of Business
• Financial / Revenue Losses
• Productivity Losses
• Intellectual Property Losses
• Loss of Reputation
• Legal Liabilities
Cause of a Data Breach
[Chart: Root Cause of Data Breach. Categories: Malicious or Criminal Attack, System Glitch, Human Factor. Values as extracted: 36%, 29%, 35%.]
Data Breach Study 2013 – Ponemon Institute
Higher Risk of insider Data Theft.
• Sudden resignation of employee / partner
• Employees joining competitors
• Family relations in competing company
• Staff starting their own similar business
• Employees being laid off / fired
Some Possible Signs of Data Theft
• Request for purchase of USB Pen Drives
• Working when no one else is there
• Personal Devices being brought to office
• Your information appearing in the public domain
• Identical Products and all your customers being contacted suddenly
Common Ways of Copying Data
• Physical Theft
• Print Outs
• USB, CD/DVDs, Hard Disks
• Laptops / Tablets / Smart Phones / Mobiles
• Internet / Remote Access / Messengers
Industry-Wise Data Theft Distribution
[Chart. Categories: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values as extracted: 17%, 14%, 14%, 12%, 11%, 9%, 8%, 3%, 3%, 3%, 2%, 2%, 1%, 1%.]
Data Breach Study 2013 – Ponemon Institute
Costs of Data Breach
• Number of Records Breached : 26,586
• Cost of Data Breach : Rs. 5.4 crores
• Average Notification Cost : Rs. 12 lacs
• Average Cost of Lost Business : Rs. 1.5 crores
Data Breach Study 2013 – Ponemon Institute
Legal Liability Cost
• IT Act (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores.
Legal Liability Cost
• IT Act (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
So now what?
Do not think ‘software’ only ... Think first about what happens to data in the office.
Do you even know what data you have?
• Where is your data stored?
• Which information is considered sensitive?
• Who has access to it?
• Do all PCs require all the data?
• What about data on portable storage?
Data Theft without software. (1)
• Education of employees / contractors about IP / Company Data / Customer Data
• Agreements and Understanding of Non Disclosure
• Strict Action against non-adherence to company policies
Data Theft without software. (2)
• Secure Physical Devices / PCs / Laptops
• Secure Offices Portable Storage Devices (USB, CD/DVDs)
• Who can sit on which computer
• Disallow Unauthorized Devices/PCs if possible.
You cannot steal what is not there!
• Archive / Backup Data not being used
• Delete Data not being used
What about inventory?
• How many PCs / laptops?
• What is the h/w configuration of each PC?
• What is loaded on each PC – OS, software and data?
• Inventory of removable / portable storage.
• Inventory of portable modems.
What about the basic network?
• Do you have a Server?
• List of Machine Names / IP addresses
• Does everyone have user name / passwords?
• Do you allow Remote Access?
• Wifi / Wired?
• Internet Connection Single Entry?
User Account Policies: Dynamite against data theft.
• No empty / default passwords
• Passwords should expire
• Strong Passwords
• No Common Passwords
• Privileges / Account Deletion
• Remote Access
Reckless Wireless Routers.
• No SSID Broadcast
• No Wireless Configuration
• MacIDs
• User Name / Password Security
• Change Default Password
‘MUST’ Software
• Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
• Regular Updates of AV / Operating Systems
• Regular Patches of OS and Software
• User Access / Privilege Management
But Anti Virus is NOT enough to stop employees stealing data!
Stepping towards Basic DLP.
• Internet Access Control – Websites, Protocols, Firewalls, Proxies
• Device Control – USB, CD/DVDs, Modems, Bluetooth
• Upload of Data – Browser Based Uploads
• Encryption
Humans, Common Sense and Policies!
It will surely help – all the best!