10 Steps to Protect Data
Ten Steps to Protecting Your Sensitive Data
Data loss prevention has become a major focus for companies of all sizes. One reason is that our increasingly mobile employees carry an increasingly large collection of sensitive data. Companies now purchase more laptops than desktops—and those laptops are loaded with sensitive information: everything from patient, customer and employee records to intellectual property, financial data, and passwords. With more data traveling outside the network perimeter more often, it presents a very attractive target to cybercrooks.

And security incidents are on the rise. According to McAfee’s Unsecured Economies report, the research team saw almost as much new malware in the first half of 2009 (1.2 million unique examples) as it did in all of 2008 (1.5 million). The mitigation costs from a single data loss can quickly exceed the costs of protecting the data in the first place. In fact, in the last year, one in five midsize organizations had a security incident that directly caused their organization to lose $41,000 in revenue on average [1].
Step 1: Assess the regulations your business is subject to

There’s no shortage of laws, regulations, and industry mandates facing companies. While companies in highly regulated industries like healthcare, finance, and government were once the only ones concerned with compliance, today almost no business is immune. Whether public or private; big or small; in the U.S., Europe, or Asia; every company should have a well-thought-out data protection plan. Begin by understanding that you are likely subject to the laws and regulations of each geographic region that you conduct business in. Then realize that most of these regulations share two common facets: First, they are typically focused on protecting data that can uniquely identify a person, patient, customer, or employee. Second, many regulations are satisfied if this critical data is protected using encryption. Obviously you need to research the specifics as they apply to your company. But at the end of the day, data protection simply makes good sense.

Step 2: Identify known content risks

Whether storing Social Security numbers, credit card information, or medical records, it’s crucial to have the right tools to scan your network for known risks. These tools should be capable of scanning file shares, databases, content management stores, and all your other various data repositories. Often, organizations will know where a portion of this data resides, like a server used by the finance or human resources department, but discovery mechanisms are required to find all instances of sensitive data. These might include legacy servers, desktops, or other places long since forgotten by the IT team. Furthermore, the discovery engine needs to have automation mechanisms for running over time, as new content is created or added to the network.
Key Points

Organizations need to protect their data, as the damages from even a single loss can be staggering:
• Lost revenues
• Possible heavy fines
• Damage to company reputation
• Loss of customer confidence

Following these 10 best practices can help protect your sensitive data:
• Take inventory of the regulations your business is subject to
• Identify known content risks
• Talk to stakeholders
• Know where your data is
• Set formal rules for creating and changing policies
• Put alerting and enforcement mechanisms in place
• Delegate controls and responsibilities
• Maximize existing IT investments
• Go with a platform approach
• Build your solution as needed
1. Bloor Research, The Security Paradox Survey. December 2009
Business Brief
Recent examples of sensitive data loss incidents:
• February 2010—Hard drives containing health information for 500,000 customers were stolen from BlueCross BlueShield. Data included names, addresses, diagnoses, Social...