Check Point and Ponemon survey point to heavy data loss last year
Check Point Software Technologies Ltd and the Ponemon Institute revealed the results of a global survey highlighting that 77% of organizations have experienced data loss in the last year. The report shows respondents cited customer information (52%) as the most common type of information compromised - in addition to intellectual property (33%), employee information (31%) and corporate plans (16%).
With the adoption of Web 2.0 applications and more mobile devices connecting to the network, organizations are challenged with enforcing better data security and IT Governance, Risk and Compliance(GRC) requirements.
The survey was taken by over 2,400 IT security administrators. The cited primary cause for data loss resulted from lost or stolen equipment, followed by network attacks, insecure mobile devices, Web 2.0 and file-sharing applications and mistakenly sent emails. About 49% of all respondents believe their employees have little or no awareness about data security, compliance and policies.
The survey, Understanding Security Complexity in 21st Century IT Environments was independently conducted by the Ponemon Institute in February 2011, surveying IT security administrators located in the U.S., U.K. France, Germany and Japan. The survey sample represented organizations of all sizes and across 14 different industries.
With Data Loss Prevention (DLP) as a primary concern, it is of utmost importance for businesses to set clear security practices such as:
- Understand the Organization's Data Security Needs - Have a clear view and record of the types of sensitive data that exist within the organization, as well as which types of data are subject to government or industry-related compliance standards.
- Classify Sensitive Data - Begin by creating a list of sensitive data types in the organization and designating the level of sensitivity.
Consider establishing a set of document templates to classify data by Public, Restricted or Highly Confidential - creating more end user awareness about corporate policies and what constitutes sensitive information.
- Align Security Policies with Business Needs - An organization's security strategy should protect the company's information assets, without inhibiting the end user. Start by defining company policies in simple business terms that are aligned with individual employee, group or organization's business needs. Identity awareness solutions can provide companies with more visibility of their users and IT environment, in order to better enforce corporate policy.