Worried about your company information leakage ? Here's what you can do.
Mahmood Ahmed, CHTP
Head - IT Operations @Media One Hotel | Certified Hospitality Technology Professional | Space buff|
For many small or medium organizations Data leakage is an worrying topic. Although they are not banks, but they do have information which needs to be protected. Due to budgetary constraints and lack of expertise availability, data leakage prevention is not implemented in such organizations.
No organization can have 100% Data leakage prevention. Let me explain my reason of saying it. Information leaked on physical device or leaked by seeing the confidential file by unauthorized person or leaking information verbally from an authorized person, all comes under data leakage umbrella. Organizations can make data leakage difficult to much extent using technology, as long as their operations can handle the restrictions. Technology can make data leakage difficult by 80% , rest 20% relies on the user training and awareness. A confidential file printed and kept on the desk of an authorized employee pose equal risks of data leakage. Implementation of DLP not only depends on organization using technology to make leakage difficult but also to make aware user of reasons and consequences.
If you have budgets available , it is always recommended to invest in DLP software or technology and user awareness program.
Some quick tasks that can be carried out to prevent Data leakage at very low level. These are very basic steps/tasks and require only in house expertise with out monetary investment.
1. Security group policies on departmental folders with authorized access groups.
2. Implementation of active directory rights management services. And protecting all confidential documents with the access protection . In case if file leakage happens, document does not open outside company network.
3. Group policy on restricting any USB storage devices on the computing devices.
4. Group policy or firewall URL filtering on restricting internet access. (Depending on the work environment )
5. Regular user trainings on how company sees data leakage as a disciplinary issue and signing confidentiality forms every year.
6. Concealed random email checks of the employees. (This should be included in the confidentiality agreement signed by the employee )
Remember, it’s the company who can create a culture of awareness amongst employees. Data leakage does not happen only via technology.
If you have put down some other best practices in place at your company do share !