Data leaks affect over 75 percent of businesses, with 68 percent experiencing six sensitive data losses annually according to the IT Policy
Compliance Group. Data leaks can occur through e-mail, Web sites,
USB sticks, and MP3 p
layers. While malicious data theft is a threat, a majority of leaks are accidental and happen because of poor employee judgment. Unfortunately, employee education is not 100 percent effective.
By implementing corrective risk, compliance, and governance practices, companies can prevent or decrease the number of
data loss incidents.
The primary means of foiling leaks is automating the monitoring and measurement of controls and procedures.
Companies can deploy
content filtering, encryption, and digital rights management software and
hardware that controls access to sensitive content. With most encryption software, users must enter a
password before a
computer will boot up. Digital rights management software enables companies to encrypt and assign privileges to documents, for instance flagging them for "internal use only" or "do not print."
Combating
data loss can be expensive. Content-filtering packages for large enterprises start at around $25,000. A sophisticated digital rights management
system can cost $500 per employee and encryption products cost $125 to $300 per
user. St. Bernard
Software and SonicWall are two providers of enterprise and SMB
content filtering software. Adobe, Protexis, and RSA (part of EMC) provide digital rights management solutions.
Encryption vendors include PGP, Checkpoint, Utimaco, and WinMagic.
Businesses should also monitor outgoing e-mail messages and use software to flag and block e-mail messages or
file transfers containing confidential data. And companies should audit
security practices regularly, probably at least monthly. Vigilance can help companies reduce costly and embarrassing
data loss.