Data loss is a burning issue that should be on the mind of every C-level executive and board member, if it isn’t already. Every day companies suffer millions of dollars in losses due to security breaches with far-reaching ramifications that can potentially change the way business is done all over the world. What’s worse the problem is growing exponentially.
According to the Privacy Clearinghouse Web site, nearly 150 million records containing sensitive personal information have been involved in data breaches in the United States alone. Since 2004, there has been a 1,700 per cent increase in data loss incidents with Spring 2007 seeing the number of data loss incidents reaching 150 million. A large-scale data breach could be the next corporate scandal of the new century.
The scope and opportunity for such abuse and loss of data is everywhere, even worse is the fact that the intentional, or malicious, attacks are the easiest to spot and manage, with the unintentional data losses caused by rogue emails and employee ignorance doing the most damage.
Virtually anyone can be an intentional or unintentional perpetrator. A disgruntled employee who decides to leave the company can steal confidential data and sell it to a competitor for a hefty price. A well-intentioned CFO can have his laptop containing vital financial data stolen from his rental car at the airport. Or a conscientious HR manager decides to copy and paste sensitive information into a message she’s sending via her own Web mail account, so that she can work on the material on her home computer over the weekend. No matter how data loss occurs, many individuals could be hurt as a result. It is a watershed moment for large organisations all over the world. And with increasing pressure to stay compliant, they need to start taking proper precautions to prevent the floodgates from bursting.
McAfee recently teamed up with Datamonitor, a U.K.-based research firm, to try and find out more about the levels of threat companies are facing today and questioned over 1,400 large organisations. Despite all the publicity, regulations, and technology surrounding the issue, 60 percent of the companies surveyed had experienced a loss of confidential data in the past year alone with a full third of them believing a major breach could put them out of business.
Despite the introduction of several pieces of legislation to prevent this from happening, and general levels of awareness appearing high, are companies doing enough to protect themselves from becoming the first true poster child for data loss?
Awareness is an important first step, but it is not enough to forestall disaster. Every enterprise needs to make data loss preparedness a priority. It is up to the key decision makers, board members, C-level executives, and IT, to allocate sufficient resources and follow best practices for proper corporate governance. They owe it to all their stakeholders, shareholders, employees, suppliers, customers, partners and the community at large.
By establishing data loss prevention policies, educating employees, and implementing technologies that automate and simplify enforcement and monitoring tasks, large organisations can prevent data breaches and focus on their business goals. It is only by taking responsibility that enterprises can maintain a global commerce environment that is flexible, collaborative and innovative. It is not too late, at least not yet.
Danielle Fournier is the Canadian General Manager of McAfee Inc. She is based in Toronto.