Otherwise known by its acronym (IT people love acronyms) as “DLP”, it is currently a hot topic because of the update to the Australian Privacy Act that introduces Notifiable Data Breach laws. In the past, a data breach would be an inconvenience and might affect your ability to deliver effective services to your clients. Now it will also hurt your reputation, because you have to publicly notify or contact those impacted by a data breach.
Most common data breach
There are two types of data breach – malicious and accidental.
Malicious data breaches can be curbed by the IT team implementing technology, policy and process to mitigate the attack vector and the impact that a breach of systems may have. Your IT team is a lot more aware of the risks of not following best practice and will generally err on the side of caution.
The other malicious aspect is a rogue staff member who steals information for their own purposes – to start a competitor business, or to move to another company with the promise of bringing information or client details.
Accidental data loss is a huge risk that has the potential to be much larger. Depending on how your staff are aligned to your policies and processes around information handling, something as simple as sending a document to your home email could open your business to penalties under the new laws should anything happen to that information.
Having a balance
There needs to be awareness around the impact of malicious and accidental data breaches that your staff may cause, and there are some cool solutions that can be put in place to help mitigate or prevent incidents.
There needs to be a balance.
Ultimately, we still need to make sure that staff can work without too much hindrance or change, and that the methods are as transparent as possible. In the past, IT teams would implement rigid policies around what the staff could do, or where they could work, that would impact on their ability to get shit done.
Communicating the risks
Education is a massive part of minimising the risk. Human error is often the root cause of a data breach, be it by the IT team or by staff working on your data. Understanding the risks and implementing policies and processes around likely scenarios is a good way to help illustrate the risks to all staff.
Be sure to explain the “why” behind the policy – what the ultimate goal is. Keep the information simple and flexible enough to have a long-lasting impact, without being a huge read and without having to constantly update the document and ensure compliance.
One huge advantage of “cloud” services is turnkey solutions for problems such as Data Loss Prevention. If your organisation is already on Office 365, for example, it’s a simple process to procure licensing and enable features that can help you mitigate your risks. The key benefit of Office 365 is the integration of services and the ability to add services that provide the specific value that your organisation can identify with.
Basic Data Loss Prevention is included for e-mail within Office 365 Exchange Online with pre-configured policies for some Personally Identifiable (PI) data such as Credit Cards, bank account details, health records and more.
It’s possible to monitor policy infringements, to flag them using ToolTips in Outlook, or even to block the email from being sent.
Taking it to the next level are products such as Rights Management Service, and third-party products from other specialty vendors such as Symantec, depending on your requirements.
With Notifiable Data Breach laws coming, you now have a reason to know exactly what is happening with your data, and your client’s data, as the reputation of your organisation may be at stake. The penalties are steep if reasonable steps to prevent data breach or loss are not in place.
HOW EVOLVE IT CAN HELP?
We take great pride in partnering with organisations. Our team specialises in developing customised solutions to help you get the most out of your technology.