How Organizations can Protect Against Accidental Data Loss
According to Ponemon’s Data Breach Report of 2013, system or human error is the cause of more than 65% of data breaches. The Identity Theft Resource Center (ITRC) has reported 212 disclosed breaches for the year 2013. These breaches have cumulatively exposed more than four million personal records. In other words, human error is causing many people’s credit card numbers, social security numbers, medical information and other sensitive data to fall into the wrong hands.
Even where compliance and governance strategies dictate proper data usage, compliance policies are only effective to a point. The trick is in balancing appropriate security measures with compliance monitoring. This is especially crucial for any organization that uses content management systems such as SharePoint. It is equally important for organizations with many file shares where vast amounts of sensitive data reside. If they are not properly secured, these systems give almost everyone in the organization access.
There is a simple six-step process that can help institutions safeguard against compliance violations and properly secure content without affecting the collaboration benefits of a CMS:
1. Identify red flag risks – gather stakeholders such as heads of business units, human resources, communications and senior management to suggest the policies required and to assess the risks for the organization. Cover general, industry-specific and country-specific regulations to keep confidential data safe.
2. Establish the compliance strategy – find out which areas of risk need to be addressed and align them with the business strategy. Use stakeholder knowledge to define the institution’s compliance strategy against its business strategy.
3. Design and deploy policies – use an automated solution, based on the compliance strategy, to define and automate policies. Assign policy officers, and establish workflows and access restriction rules to support notifications and take appropriate action on non-compliant content. Content needs to be scanned in motion or at rest and tagged based on the designed policies in order to automatically mitigate, prevent, correct and detect risk.
4. Automate content compliance – integrate content compliance into users’ activities so that content is reviewed automatically as it is created. Action should be taken to record any violations discovered. Additionally, content should be automatically classified in accordance with the predefined policy rules. Notifications should be sent to the people involved so that they can assess the violation and come up with actions or policies.
6. Refine, remediate and report – one of the most crucial aspects of managing security and compliance risk is the ability to audit and report on the organization’s security and compliance status. The institution should also monitor and track the movement of sensitive and confidential documents, including who emails, prints and views them. Doing so helps measure progress against goals over time and offers an audit trail for regulators where applicable.
In the long run, an institution must provide its employees with a safe way to collaborate. This is especially the case when that collaboration involves sharing confidential or sensitive data. Detailed reporting also lets policy managers modify rules and policies based on user compliance and interaction trends.