The following introduction was originally published in the BCS Information Security Now Magazine, Summer 2009 issue (Volume 3, Issue 4), which was on the topic of Data Loss and Data Leakage:
“Data loss prevention should be less about deploying the latest technology that claims unrivalled capabilities in securing all the data you value; rather, it should be about having the right data policies and procedures in place, along with suitably educated and motivated people who can act as your data guardians.
The lack of universal technical control will always leave gaps for data to be deliberately exfiltrated or accidentally exposed, but without comprehensive and effective data policies and procedures, and the people to support and enforce them, technology cannot provide a solution to your data management ills.
It is key that data procedures cover at least:
- how the organisation assigns a value to its data and information, i.e. values its assets;
- how it categorises and marks data, in relation to its value or sensitivity;
- how it assigns rules for handling data throughout its whole lifecycle, especially for personal information.
In a recession, the impact of the loss of corporate or customer data can be amplified and leave your organisation more vulnerable to disaster than before. The actual or suspected loss of information should be covered by your organisation’s incident response or business continuity plan.
People can be shocked and concerned when media-friendly volumes of data are lost or exposed, even though only a tiny proportion may directly relate to or affect them, yet they volunteer personal information to near strangers when using the Internet and think very little about the implications of doing so.
With their photos, blogs, CVs, social networks, and contributions to online discussions, individuals can provide the greatest insight and intrusion into their online and real-world lives, and also the lives of their friends and family who may not have consented to their information being shared so openly.
Maybe each Internet connection should come with a health/wealth warning…”
A PDF version of the magazine is available online at: