Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.
1. It is about common sense, not software!
Data Theft Prevention for the SME.
Data Protection … Keeping it simple.
2. Do you have important data on the computer?
• Customer Information
• Technical Drawings / Source Code
• Financials / Employee Information
• Marketing / Contact Information
• Quotations / Agreements / Contracts
• Personal Information
3. What will happen if the data gets stolen?
• Loss of Business
• Financial / Revenue Losses
• Productivity Losses
• Intellectual Property Losses
• Loss of Reputation
• Legal Liabilities
4. Cause of a Data Breach
[Pie chart: Root Cause of Data Breach. Categories: Malicious or Criminal Attack, System Glitch, Human Factor. Values shown (not matched to categories): 35%, 36%, 29%.]
Data Breach Study 2013 – Ponemon Institute
5. Higher Risk of Insider Data Theft
• Sudden resignation of employee / partner
• Employees joining competitors
• Family relations in competing company
• Staff starting their own similar business
• Employees being laid off / fired
6. Some Possible Signs of Data Theft
• Request for purchase of USB Pen Drives
• Working when no one else is there
• Personal Devices being brought to office
• Your information appearing in the public domain
• Identical Products and all your customers being contacted suddenly
7. Common Ways of Copying Data
• Physical Theft
• Print Outs
• USB, CD/DVDs, Hard Disks
• Laptops / Tablets / Smart Phones / Mobiles
• Internet / Remote Access / Messengers
8. Industry Wise Data Theft
[Pie chart: Distribution of data theft by industry. Categories: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values shown (not matched to categories): 3%, 1%, 1%, 2%, 2%, 17%, 3%, 3%, 8%, 14%, 9%, 11%, 14%, 12%.]
Data Breach Study 2013 – Ponemon Institute
9. Costs of Data Breach
• Number of Records Breached: 26,586
• Cost of Data Breach: Rs. 5.4 crores
• Average Notification Cost: Rs. 12 lacs
• Average Cost of Lost Business: Rs. 1.5 crores
Data Breach Study 2013 – Ponemon Institute
10. Legal Liability Cost
• IT Act (2008) – 43A: Compensation for failure to protect client data can be up to 5 crores.
11. Legal Liability Cost
• IT Act (2008) – 72A: Punishment for Disclosure of Information in Breach of Lawful Contract.
– Imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
12. So now what?
Do not think ‘software’ only ... Think first what happens to data in office.
13. Do you even know what data you have?
• Where is your data stored?
• Which information is considered sensitive?
• Who has access to it?
• Do all PCs require all the data?
• What about data on portable storage?
14. Data Theft without software. (1)
• Education of employees / contractors about IP / Company Data / Customer Data
• Agreements and Understanding of Non-Disclosure
• Strict action against non-adherence to company policies
15. Data Theft without software. (2)
• Secure Physical Devices / PCs / Laptops
• Secure Offices Portable Storage Devices (USB, CD/DVDs)
• Who can sit on which computer
• Disallow Unauthorized Devices/PCs if possible.
16. You can not steal what is not there..!!
• Archive / Backup Data not being used
• Delete Data not being used
17. What about inventory ?
• How many PCs / laptops ?
• What is the h/w configuration of each PC ?
• What is loaded on each PC - OS, software and data?
• Inventory of removable / portable storage.
• Inventory of portable modems.
18. What about the basic network?
• Do you have a Server?
• List of Machine Names / IP addresses
• Does everyone have user name / passwords
• Do you allow Remote Access?
• Wifi / Wired?
• Internet Connection Single Entry?
19. User Account Policies
Dynamite against data theft.
• No empty / default passwords
• Passwords should expire
• Strong Passwords
• No Common Passwords.
• Privileges / Account Deletion
• Remote Access
20. Reckless Wireless Routers.
• No SSID Broadcast
• No Wireless Configuration
• MacIDs
• User Name / Password Security
• Change Default Password
21. ‘MUST’ Software
• Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
• Regular Updates of AV / Operating Systems
• Regular Patches of OS and Software
• User Access / Privilege Management
22. But Anti Virus is NOT enough to stop employees stealing data!
23. Stepping towards Basic DLP.
• Internet Access Control
– Websites, Protocols, Firewalls, Proxies
• Device Control
– USB, CD/DVDs, Modems, Bluetooth
• Upload of Data
– Browser Based Uploads
• Encryption
24. Humans, Common Sense and Policies!
It will surely help – all the best !