Data Leakage Prevention – Protecting Sensitive Information

When DuPont lost $400 million in intellectual property, it wasn’t because a hacker from the other side of the world infiltrated their system. The information was simply stolen by a former employee. Alarmingly, data loss incidents are not always caused by deliberate actions.

A file containing personal information accidentally attached to an email and sent to multiple recipients; financial data stored in a USB pen drive, accidentally left in a restaurant; or bank account data of colleagues, inadvertently posted on a company website – these are also some of the everyday causes of data loss.

A report done by research company Infowatch regarding global data leaks in 2010 showed that there were actually more accidental data leaks in that year compared to intentional ones. Accidental leaks comprised 53%, while intentional leaks comprised 42% (the rest were unidentified).

But even if they ?only? happened accidentally, breach incidents like these can still be very costly. The tens of thousands of dollars that you could sometimes end up paying in civil penalties (as in the case when you lose other people?s personal information) can just be the beginning. More costly than this is the loss of customer and investor confidence. Once you lose those, you could consequently lose a considerable portion of your business.

Confidential information that may already be leaking out right under your nose

With all the data you collect, process, exchange, and store electronically every day, your IT system has surely now become a storehouse of sensitive information. Some of them, you may be even taking for granted.

But imagine what would happen if any of the following trade secrets fell into the wrong hands: marketing plans, confidential customer information, pricing data, product development strategies, business plans, supplier information, source codes, and employee salaries.

These are not the only kind of data that you should be worried about. You could also get into trouble if your sloppy IT security fails to protect employee or client personal information such as their names; social security numbers; drivers license numbers; or bank account numbers and credit/debit card numbers along with their corresponding PINs.

In some countries, you could face onerous data breach notification requirements and heavy fines when these kind of data are involved.

There are now more holes to plug

It’s not just the different varieties of sensitive electronic information that you have to worry about. Because these data can take on different forms, i.e. data-at-rest, data-in-motion, and data-at-the-endpoints, you also need to take aim at different areas in your IT system.

Sensitive information can be found ?at rest? in each of your employees? hard disks, in your servers, storage disks, and in off-site backup disks. They can also be found ?in motion? in email, instant messaging, social networking messaging, P2P file sharing, ftp, http, and so on.

That’s not all. Your highly mobile workforce may have already introduced yet another high-risk area into your system: data-at-the-endpoints. This includes USB flash-disks, laptops, portable hard disks, CDs, and even smartphones.

The main challenge of data leak prevention

Having been made aware of the various aspects of data leakage, have you already come to grips with the extent of the task at hand?

There are two major things you need to do here to prevent data leakage.

One, you need to identify what data you have that can be considered as sensitive/confidential information. Of course you have financial information and employee salaries in your files. But do you also store personally identifiable information? Do you have trade secrets that are stored in electronic form?

Two, you need to pinpoint their locations. Are they only on your hard disks and laptops? Or have they made their way to flash drives, CDs/DVDs, or portable HDDs? Are they being transmitted through email or any other file transfer media?

The reason why you need to know what your sensitive data are as well as where they are is because you would like all efforts of securing them to be as efficient and unobtrusive as possible.

Let’s say, as a way of protecting your data, you decide to implement encryption. Since encryption can consume a lot of storage space and significantly reduce performance, it may be impractical to encrypt your entire database or all your files. For the same reason, you wouldn’t want to encrypt every single email that you send.

Thus, the best way would be to encrypt only the data that really need encryption. But again, you need to know what data needs to be encrypted and where those data can be found. That alone is no simple task.

Not only will you need to deal with the data you already have, you will also have to worry about the data that will go through your systems during the course of your day-to-day transactions.

Identifying sensitive data as it enters or leaves your system, goes through your network, or gets stored in your file system or database, and then applying the necessary security actions should be done automatically and intelligently. Otherwise, you could end up spending on a lot of man-hours or, worse, wasting them on a lot of false positives and negatives.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

ISO Certification and Training

Overview

ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.

ISO Certification

For a company, an ISO Certification:

? Is an assurance that the organisation, has met the required management of processes and documentation.

? Provides standards on how businesses and organisations manage information and processes;

? Does not impose any regulations;

? Is not like a license that allows a business or company to operate.

Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.

That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.

ISO 9001

ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.

Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.

Find out more about our Quality Assurance services in the following pages:

Total Quality Management

Failure Mode and Effects Analysis

Six Sigma

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Technology and process improvement

Tightening organisational flow to improve productivity and minimise costs is a growing concern for many businesses post the Global Financial Crisis. Businesses can no longer afford to waste time and personnel on inefficient processes. Organisations using either Six Sigma or Lean techniques better manage their existing resources to maximise product out-put. Both of these techniques involve considerable evaluation of current processes.

What is Six Sigma?

Six Sigma is an organisational management strategy that evaluates processes for variation. In the Six Sigma model, variation equates waste. Eliminating variation for customer fulfilment allows a business to better serve the end-user. In this thought model, the only way to streamline processes is to use statistical data. Each part of a process must be carefully recorded and analysed for variation and potential improvements. The heart of the strategy embodied by Six Sigma is mathematical. Every process is subject to mathematical analysis and this allows for the most effective problem solving.

What is a Lean Model?

Lean businesses do not rely on mathematical models for improvement. Instead, the focus is on reducing steps in the customer delivery cycle, which do not add value to the final deliverable. For example, maintaining excess inventory or dealing with shortages would both be examples of waste behaviour. Businesses that operate using Lean strategies have strong cash flow cycles. One of the best and most famous examples of Lean in action is the Toyota Production System (TPS). In this system, not only is inventory minimised, but physical movement for employees also remains sharply controlled. Employees are able to reach everything needed to accomplish their tasks, without leaving the immediate area. By reducing the amount of movement needed to work, companies also remove wasted employee time.

Industry Applications for Lean and Six Sigma

Lean businesses reduce the number of steps between order and delivery. The less inventory on hand, the less it costs a business to operate. In industries where it is possible to create to order, Lean thinking offers significant advantages. Lean is best utilised in mature businesses. New companies, operating on a youthful model, may not be able to identify wasteful processes. Six Sigma has shown its value across industries through several evolution’s. Its focus on quality of process makes it a good choice for even brand new businesses. The best use is the combination of the two strategies. With the Lean focus on speed and the Six Sigma focus on quality combined, the two organisational processes create synergy. By itself, Lean does not help create stable, repeating success. Six Sigma does not help increase speed and reduce non value-added behaviours. Combined, these two strategies offer incredible value to every business in cost savings.

Using Technology to Implement Lean Six Sigma

Automation processes represent an opportunity for businesses to implement a combination of both Lean and Six Sigma strategies. Any technology that replaces the need for direct human oversight reduces costs and increases productivity. A few examples of potentially cost saving IT solutions include document scanning, the Internet, and automated workflow systems.

  • Document Scanning – Reducing dependency on paper copies follows both Lean and Six Sigma strategies. It is a Lean addition in that it allows employees to access documents instantly from any physical location. It is Six Sigma compliant in that it allows a reduction on process variation, since there is no bottleneck on the flow of information.
  • The Internet – The automation potential offered by the Internet is limitless. Now, businesses can enter orders, manage logistics and perform customer service activities from anywhere, through a hosted portal. With instant access to corporate processes from anywhere, businesses can manage workflow globally, allowing them to realise cost savings from decentralisation.
  • Automated Work Systems – One of the identified areas of waste in any business is processing time. The faster orders are processed and delivered, the greater the profits for the company and the less the expense per order. When orders sit waiting for attention, they represent lost productivity and waste. Automated work systems monitor workflow and alert users when an item sits longer than normal. These systems can also reroute work to an available employee when the original worker is tied up.

Each of these IT solutions provides a method for businesses to either reduce the number of steps in a process or improve the quality of the process for improved customer service.

Identifying Areas for Lean Six Sigma Implementation

Knowing that improved processes result in improved profits, identifying areas for improvement is the next step. There are several techniques for creating tighter processes with less waste and higher quality. Value Stream Mapping helps business owners and managers identify areas of waste by providing a visual representation of the total process stream. Instead of improving single areas for minimal increases in productivity, VSM shows the entire business structure and flow, allowing management to target each area of slow down for maximum improvement in all areas.

Seeing the areas of waste helps management better determine how processes should work to best obtain the desired outcomes. Adding in automated processes helps with improved process management, when put in place with a complete understanding of current systems and their weaknesses. Start with mapping and gain a bird’s-eye view of the situation, in order to make the changes needed for improvement.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Excel Spreadsheet Conversion to SQL Reports

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.
Think TransAlta’s spreadsheet cut-and-paste glitch (the company later called this a ‘simple clerical error’) which caused the energy firm a whopping $24 million loss or Fidelity’s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

Denizon can convert your Excel Spreadsheets to a web based SQL Server Reporting Services (SSRS). It does not import Excel data, rather it allows the creation and deployment of reports in a more efficient manner by querying the data.

So what is the problem with Spreadsheets?

  • Plagued with risk issues and vulnerable to fraud
  • Lacking in control features especially when copied, edited and emailed between many users
  • A burden to regulation compliance e.g. SOX (Sarbanes-Oxley)
Moreover:
  • Accidental copy-paste/Omission of a negative sign/Erroneous range selection
  • Incorrect data input or unintentional deletion of a character, cell, range, column, or row
  • Possibility of the user working on the wrong version
  • Prone to inconsistent company-wide reporting
  • Often ‘defenceless’ against unauthorised access

See Top 10 Disadvantages of Spreadsheets

What makes SQL Server Reporting Services better than Spreadsheets?

  • Free from spreadsheet risks & equipped with built-in controls that substantially reduce risks to data
  • Less prone to fraud
  • More suitable for regulatory compliance e.g. SOX
  • Designed for an agile business environment

Automatic consolidation eliminates errors and wasted time caused by tedious copy-pasting of data and linking of cells
Better collaboration capabilities allows team members to bring their heads together for planning, budgeting, and reporting even while on the go
Mobility support enables users to input data or retrieve information through their wireless mobile device

Superior sharing features ensures that everyone is exactly on the same page and viewing real-time information
Dashboards provide insightful information at-a-glance through KPIs, graphs, and various metrics
Drill-downs enable users to investigate unusual figures and gain a better understanding of the details that contribute to the big picture
Easy to learn interfaces allow your organisation to cope with fast personnel turnaround or Mergers & Acquisitions

Don’t know how to shift from Spreadsheets to SQL Server Reporting Services?

We’ve got the knowledge and expertise to assist you in:

  • Making a smooth and cost-efficient transition from risky spreadsheets to reliable reports
  • Designing and implementing SOX-compliant report-generating methods and procedures
  • Putting exposure to high-risk reporting methods a thing of the past

Ready to work with Denizon?

Contact Us Today