Right now data thieves are doing a good job stealing our sensitive information. Since 2005, more than 600 million records have been breached, and the stakes continue to rise as companies struggle to protect data in the face of increasingly complicated regulatory requirements.
- Do a Data Inventory – What sensitive data does your organization have? Where do you store this data? Why does the organization need this data? Who needs access to it? How do they use the data? You need to find out in order to protect it.
- Create a Data Policy – Good information security always starts with a well-thought out policy. Even the best security technologies cannot replace good planning.
- Leverage Access Control – You may already have many good tools to help, such as OS authentication, identity access management, firewalls, network ACL and other security controls. But, are you using them? The simple step of segmenting your trusted users from one another based on their roles can help.
- Use Encryption – Encryption can be expensive, but for data at rest and in motion, it is vital for sensitive documents. However, you don’t have to encrypt everything. If you learn where your organization stores its most vital data, you can concentrate on just encrypting that.
- Adopt DLP Technology – Vendors are offering cost-effective and easy-to-use solutions that can help organizations detect and block sensitive data at rest, in use and in motion. Consider Unified Threat Management (UTM) solutions that integrate DLP technology and allow it to be centrally managed through a single console. Gateway-based DLP technologies found on UTM devices can solve a big portion of the problem for a fraction of the cost and complexity of other solutions.