Industry View

Five Ways to Turn Employees into Security Assets for Protecting Data

Trend Micro's Glen Kosaka explains how to prevent data leaks by raising security awareness and gaining employee support

By Glen Kosaka, director of DLP products, Trend Micro

May 06, 2008

Never before has the threat to corporate data assets been so great—and so costly. According to Attrition.org, an industry monitoring organization, in 2007, more than 162 million records such as credit cards and social security numbers were compromised through December 21—both in the U.S. and overseas. The Identity Theft Resource Center lists more than 79 million records compromised in the U.S. through December 18, 2007. That's nearly a fourfold increase from the 20 million records reported as compromised in 2006.

The explosion of messaging systems, wireless networking, and USB storage devices has made the protection of critical enterprise data even more difficult than it was before. Increasingly, enterprises are operating as "borderless" organizations, sharing information globally between employees and partners. These borderless enterprises are challenged to balance openness and flexibility with security and risk as employees work from home or in coffee shops and other off-site locations when they travel. However, most breaches and loss of sensitive data are caused by employees who are uneducated and therefore inadvertently put their company at risk. Because most breaches are accidental, companies have an opportunity to better protect enterprise data by educating employees on the proper handling of information.

Here are five ways to turn employees into security assets instead of liabilities:

Make data security part of the company culture
Protecting sensitive information should not be the sole responsibility of the security and executive teams. Every department manager has the responsibility to help identify and locate sensitive data, and to propose policies for the appropriate access, use, and protection of that data by employees. Each employee who has been identified as having access to sensitive data should undergo training on the policies and procedures that define responsible care for the company's data. In this way, employees and managers alike not only share responsibility for their own use of sensitive data but can also watch over others to ensure that everyone is observing these policies.

Integrate data leak prevention processes into overall workflow
Many companies have lost control over their sensitive data because the identification of, access to, and movement of sensitive data are not integrated into their overall processes. For example, when new documents or content are created, is there a classification process to determine which policies apply? When employees join a department or transfer between departments, are processes initiated for data protection and access controls for the new and prior departments? In addition, the introduction of new mobile devices or remote development sites can introduce new threat vectors for data leaks. When companies think through their core processes and incorporate data protection steps as appropriate, the risk of data leaks is reduced significantly.
