By Tom S. Noda
Published in the CWP October 2009 issue
Encryption, derived from a century-old technology called cryptology, is now highly recommended in this 21st-century era of data loss prevention (DLP) strategies, and is described as helpful in preventing security risks to individuals and companies.
Paul Ducklin, head of technology for Sophos Asia-Pacific, said encryption sits alongside a variety of other techniques for preventing data loss in a mobile, connected world, such as anti-virus software, firewalls, access control, written policies and improved employee training.
He said the best way to stop data leakage is to encrypt sensitive information, laptops, and removable storage devices.
According to Ducklin, the first step is that companies should trust encryption. If data is encrypted with a password, it cannot be deciphered or used unless the password is known. This means that even if all other security measures fail to prevent a hacker from accessing one's most sensitive data, the hacker will not be able to read it, and so cannot compromise the confidentiality of the information.
“Statistics show 12,000 laptops are lost every week in US airports alone. And among USB drives, mobile devices, storage devices, what happens if you lose one? What software of data is supposed to be used? Like for example, you’re not supposed to send credit card numbers in your email. If I will copy data in my computer are you supposed to access it? If I’m allowed to copy a USB drive, should it be encrypted in that USB drive so that if the drive is lost it is still safe? Those are the questions companies need to ask,” he said.
The second step, he said, is controlling how users treat information, so as to stop risky behavior such as transferring unencrypted information onto USB sticks and via email. Organizations should extend their anti-malware infrastructure in order to protect data in motion and data in use, guarantee efficient operations, and ensure that they meet regulatory requirements.
Ducklin said Sophos's key difference from traditional anti-virus companies is that it never had a consumer product and has always concentrated on protection from networks and protection for government, education and business.
“We also have, in my opinion, unparalleled platform support. So if you got some Linux servers, Windows laptops, and Mac workstations, we can protect all of those with a single license,” he explained. “We just don’t keep the bad things out but also deal with data encryption and data protection which is keeping the good things also in.”
Sophos reported data leakage remains a top concern in 2009, with scandals continuing to dominate the headlines. Many corporations and government institutions have failed to protect their confidential information — including the identities of their workforce, customers and general public.
Sophos said users are routinely using and sharing data without giving enough thought to confidentiality and regulatory requirements. This has led to numerous incidents of data loss in the first six months of 2009 – some accidental and some malicious:
• May: Hackers broke into a Virginia government website, stealing the details of almost 8.3 million patients, and threatening to auction them to the highest bidder.
• May: The theft of a single laptop in the UK put the personal identities of 109,000 pension holders at risk. The laptop contained names, addresses, dates of birth, National Insurance numbers, employer names, salary details and bank account information.
• June: 530,000 Virginia patients were individually notified that their SSNs had potentially been exposed after a hacker gained access to the Virginia Prescription Monitoring Program.
• June: Authorities arrested a former Goldman Sachs employee who uploaded the company’s secret source code to an FTP server based in Germany.