SlideShare una empresa de Scribd logo

Data Protection, Humans and Common Sense

Descargar como PPT, PDF
U
usbcopynotify

Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.

Tecnología
1 de 24
It is about common sense not software ! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
Do you have important data on the computer ? • • • • • • Customer Information Technical Drawings / Source Code Financials / Employee Information Marketing / Contact Information Quotations / Agreements / Contracts Personal Information Data Protection … Keeping it simple.
What will happen if the data gets stolen ? • • • • • • Loss of Business Financial / Revenue Losses Productivity Losses Intellectual Property Losses Loss of Reputation Legal Liabilities Data Protection … Keeping it simple.
Cause of a Data Breach Root Cause of Data Breach 35% 36% Malicious or Criminal Attack System Glitch Human Factor 29% Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Higher Risk of insider Data Theft. • • • • • Sudden resignation of employee / partner Employees joining competitors Family relations in competing company Staff starting their own similar business Employees being layed off / fired Data Protection … Keeping it simple.
Some Possible Signs of Data Theft • • • • Request for purchase of USB Pen Drives Working when no one else is there Personal Devices being brought to office Your information appearing in the public domain • Identical Products and all your customers being contacted suddenly Data Protection … Keeping it simple.
Common Ways of Copying Data • • • • • Physical Theft Print Outs USB, CD/DVDs, Hard Disks Laptops / Tablets / Smart Phones / Mobiles Internet / Remote Access / Messengers Data Protection … Keeping it simple.
Industry Wise Data Theft 3% 1%1% 2% 2% Distribution 17% 3% 3% 8% 14% 9% 11% 14% 12% Financial Public Services Retail Services Consumer Industrial Technology Communications Hospitality Pharmaceuticals Transportation Energy Healthcare Media Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Costs of Data Breach • • • • Number of Records Breached : 26,586 Cost of Data Breach : Rs. 5.4 crores Average Notification Cost : Rs. 12 lacs Average Cost of Lost Business : Rs 1.5 crores Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
Legal Liability Cost • IT Act. (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores. Data Protection … Keeping it simple.
Legal Liability Cost • IT Act. (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract. – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs. Data Protection … Keeping it simple.
So now what ? Do not think ‘software’ only ... Think first what happens to data in office. Data Protection … Keeping it simple.
Do you even know what data you have ? • • • • • Where is your data stored ? Which information is considered sensitive ? Who has access to it ? Do all PCs require all the data ? What about data on portable storage ? Data Protection … Keeping it simple.
Data Theft without software. (1) • Education of employees / contractors about IP / Company Data / Customer Data • Agreements and Understanding of Non Disclosure • Strict Action to non adherence of company policies Data Protection … Keeping it simple.
Data Theft without software. (2) • Secure Physical Devices / PCs / Laptops • Secure Offices Portable Storage Devices (USB , CD/DVDs) • Who can sit on which computer • Disallow Unauthorized Devices/PCs if possible. Data Protection … Keeping it simple.
You can not steal what is not there..!! • Archive / Backup Data not being used • Delete Data not being used Data Protection … Keeping it simple.
What about inventory ? • How many PCs / laptops ? • What is the h/w configuration of each PC ? • What is loaded on each PC - OS, software and data. ? • Inventory of removable / portable storage. • Inventory of portable modems. Data Protection … Keeping it simple.
What about the basic network ? • • • • • • Do you have a Server ? List of Machine Names / IP addresses Does everyone have user name / passwords Do you allow Remote Access ? Wifi / Wired ? Internet Connection Single Entry ?. Data Protection … Keeping it simple.
User Account Policies Dynamite against data theft. • • • • • • No empty / default passwords Passwords should expire Strong Passwords No Common Passwords. Privileges / Account Deletion Remote Access Data Protection … Keeping it simple.
Reckless Wireless Routers. • • • • • No SSID Broadcast No Wireless Configuration MacIDs User Name / Password Security Change Default Password Data Protection … Keeping it simple.
‘MUST’ Software • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software • Regular Updates of AV / Operating Systems • Regular Patches of OS and Software • User Access / Privilege Management Data Protection … Keeping it simple.
But Anti Virus is NOT enough to stop employees stealing data ! Data Protection … Keeping it simple.
Stepping towards Basic DLP. • Internet Access Control – Websites, Protocols, Firewalls, Proxies • Device Control – USB , CD/DVDs, Modems , Blue tooth • Upload of Data – Browser Based Uploads • Encryption Data Protection … Keeping it simple.
Humans, Common Sense and Policies ! It will surely help – all the best ! Data Protection … Keeping it simple.

Recomendados

Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profile
Hem Infotech
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
samina khan
 
VTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesVTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical Challenges
Priya Diana Mercy
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
Rebecca Jones
 
Data enrichment
Data enrichmentData enrichment
Data enrichment
FabMinds
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
Juliette Foine
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Information Security Awareness Group
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MIS
Amirul Shafiq Ahmad Zuperi
 

Recomendados

Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profile
Hem Infotech
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
samina khan
 
VTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical ChallengesVTU - MIS Module 8 - Security and Ethical Challenges
VTU - MIS Module 8 - Security and Ethical Challenges
Priya Diana Mercy
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
Rebecca Jones
 
Data enrichment
Data enrichmentData enrichment
Data enrichment
FabMinds
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
Juliette Foine
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Information Security Awareness Group
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MIS
Amirul Shafiq Ahmad Zuperi
 
Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
Dr Raghu Khimani
 
Chapter1
Chapter1Chapter1
Chapter1
charwendel
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
Jeff Lemmermann
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
Omid Aminzadeh Gohari
 
Information security
Information securityInformation security
Information security
LJ PROJECTS
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
joevest
 
needforsecurity
needforsecurityneedforsecurity
needforsecurity
David Joao Vieira Carvalho
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical Challenges
Tushar B Kute
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
PT Bank Syariah Mandiri
 
Byod
ByodByod
Byod
stormshadow24
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016
Courtney King
 
Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1
HK IT solutions... unlimited...
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
IBM Business Insight
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
Donald E. Hester
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policy
marindi
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
Napier University
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
Black Duck by Synopsys
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
annwhyjay
 
IoT_Structure
IoT_StructureIoT_Structure
IoT_Structure
Brandon Walston
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
TechSoup
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online
Scott Schober
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
Alan Greggo
 

Más contenido relacionado

La actualidad más candente

Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
Omid Aminzadeh Gohari
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policy
marindi
 

La actualidad más candente (20)

Mobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu KhimaniMobile Phone Seizure Guide by Raghu Khimani
Mobile Phone Seizure Guide by Raghu Khimani
 
Chapter1
Chapter1Chapter1
Chapter1
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
 
Information security
Information securityInformation security
Information security
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
needforsecurity
needforsecurityneedforsecurity
needforsecurity
 
MIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical ChallengesMIS 21 Security and Ethical Challenges
MIS 21 Security and Ethical Challenges
 
Ethics and information security 2
Ethics and information security 2Ethics and information security 2
Ethics and information security 2
 
Byod
ByodByod
Byod
 
Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016Ctc rick ryan prezi 3 2016
Ctc rick ryan prezi 3 2016
 
Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1
 
Data Protection Presentation
Data Protection PresentationData Protection Presentation
Data Protection Presentation
 
Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001Information Technology Security A Brief Overview 2001
Information Technology Security A Brief Overview 2001
 
Information Technology policy
Information Technology policyInformation Technology policy
Information Technology policy
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
 
IoT_Structure
IoT_StructureIoT_Structure
IoT_Structure
 
Office 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and UseOffice 365 Security Features That Nonprofits Should Know and Use
Office 365 Security Features That Nonprofits Should Know and Use
 

Destacado

presentation on computer virus
presentation on computer viruspresentation on computer virus
presentation on computer virus
Yogesh Singh Rawat
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
ainizbahari97
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
Aeman Khan
 

Destacado (10)

11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
 
15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks
 
presentation on computer virus
presentation on computer viruspresentation on computer virus
presentation on computer virus
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Presentation on computer viruses
Presentation on computer virusesPresentation on computer viruses
Presentation on computer viruses
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentation
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 

Similar a Data Protection, Humans and Common Sense

Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
Arrow ECS UK
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygiene
EricK Gasana
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Precisely
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA
 
Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
Community IT Innovators
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
Barry Caplin
 

Similar a Data Protection, Humans and Common Sense (20)

BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid ContextPrivacy, Encryption, and Anonymity in the Civil Legal Aid Context
Privacy, Encryption, and Anonymity in the Civil Legal Aid Context
 
IT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to KnowIT Security: What an In-Plant Print Center Needs to Know
IT Security: What an In-Plant Print Center Needs to Know
 
Logs in Security and Compliance flare
Logs in Security and Compliance flareLogs in Security and Compliance flare
Logs in Security and Compliance flare
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
Can You Tell Me About Some Effective Ways to Prevent Data Leakage?
 
Basic_computerHygiene
Basic_computerHygieneBasic_computerHygiene
Basic_computerHygiene
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
 
Community IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best PracticesCommunity IT Innovators - IT Security Best Practices
Community IT Innovators - IT Security Best Practices
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 

Último

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

Data Protection, Humans and Common Sense

  • 1. It is about common sense not software ! Data Theft Prevention for the SME. Data Protection … Keeping it simple.
  • 2. Do you have important data on the computer ? • • • • • • Customer Information Technical Drawings / Source Code Financials / Employee Information Marketing / Contact Information Quotations / Agreements / Contracts Personal Information Data Protection … Keeping it simple.
  • 3. What will happen if the data gets stolen ? • • • • • • Loss of Business Financial / Revenue Losses Productivity Losses Intellectual Property Losses Loss of Reputation Legal Liabilities Data Protection … Keeping it simple.
  • 4. Cause of a Data Breach Root Cause of Data Breach 35% 36% Malicious or Criminal Attack System Glitch Human Factor 29% Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 5. Higher Risk of insider Data Theft. • • • • • Sudden resignation of employee / partner Employees joining competitors Family relations in competing company Staff starting their own similar business Employees being layed off / fired Data Protection … Keeping it simple.
  • 6. Some Possible Signs of Data Theft • • • • Request for purchase of USB Pen Drives Working when no one else is there Personal Devices being brought to office Your information appearing in the public domain • Identical Products and all your customers being contacted suddenly Data Protection … Keeping it simple.
  • 7. Common Ways of Copying Data • • • • • Physical Theft Print Outs USB, CD/DVDs, Hard Disks Laptops / Tablets / Smart Phones / Mobiles Internet / Remote Access / Messengers Data Protection … Keeping it simple.
  • 8. Industry Wise Data Theft 3% 1%1% 2% 2% Distribution 17% 3% 3% 8% 14% 9% 11% 14% 12% Financial Public Services Retail Services Consumer Industrial Technology Communications Hospitality Pharmaceuticals Transportation Energy Healthcare Media Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 9. Costs of Data Breach • • • • Number of Records Breached : 26,586 Cost of Data Breach : Rs. 5.4 crores Average Notification Cost : Rs. 12 lacs Average Cost of Lost Business : Rs 1.5 crores Data Breach Study 2013 – Ponemon Institute Data Protection … Keeping it simple.
  • 10. Legal Liability Cost • IT Act. (2008) – 43A : Compensation for failure to protect client data can be up to 5 crores. Data Protection … Keeping it simple.
  • 11. Legal Liability Cost • IT Act. (2008) – 72A : Punishment for Disclosure of Information in Breach of Lawful Contract. – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs. Data Protection … Keeping it simple.
  • 12. So now what ? Do not think ‘software’ only ... Think first what happens to data in office. Data Protection … Keeping it simple.
  • 13. Do you even know what data you have ? • • • • • Where is your data stored ? Which information is considered sensitive ? Who has access to it ? Do all PCs require all the data ? What about data on portable storage ? Data Protection … Keeping it simple.
  • 14. Data Theft without software. (1) • Education of employees / contractors about IP / Company Data / Customer Data • Agreements and Understanding of Non Disclosure • Strict Action to non adherence of company policies Data Protection … Keeping it simple.
  • 15. Data Theft without software. (2) • Secure Physical Devices / PCs / Laptops • Secure Offices Portable Storage Devices (USB , CD/DVDs) • Who can sit on which computer • Disallow Unauthorized Devices/PCs if possible. Data Protection … Keeping it simple.
  • 16. You can not steal what is not there..!! • Archive / Backup Data not being used • Delete Data not being used Data Protection … Keeping it simple.
  • 17. What about inventory ? • How many PCs / laptops ? • What is the h/w configuration of each PC ? • What is loaded on each PC - OS, software and data. ? • Inventory of removable / portable storage. • Inventory of portable modems. Data Protection … Keeping it simple.
  • 18. What about the basic network ? • • • • • • Do you have a Server ? List of Machine Names / IP addresses Does everyone have user name / passwords Do you allow Remote Access ? Wifi / Wired ? Internet Connection Single Entry ?. Data Protection … Keeping it simple.
  • 19. User Account Policies Dynamite against data theft. • • • • • • No empty / default passwords Passwords should expire Strong Passwords No Common Passwords. Privileges / Account Deletion Remote Access Data Protection … Keeping it simple.
  • 20. Reckless Wireless Routers. • • • • • No SSID Broadcast No Wireless Configuration MacIDs User Name / Password Security Change Default Password Data Protection … Keeping it simple.
  • 21. ‘MUST’ Software • Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software • Regular Updates of AV / Operating Systems • Regular Patches of OS and Software • User Access / Privilege Management Data Protection … Keeping it simple.
  • 22. But Anti Virus is NOT enough to stop employees stealing data ! Data Protection … Keeping it simple.
  • 23. Stepping towards Basic DLP. • Internet Access Control – Websites, Protocols, Firewalls, Proxies • Device Control – USB , CD/DVDs, Modems , Blue tooth • Upload of Data – Browser Based Uploads • Encryption Data Protection … Keeping it simple.
  • 24. Humans, Common Sense and Policies ! It will surely help – all the best ! Data Protection … Keeping it simple.