Data Theft Prevention for the SME / SMB is more about humans, common sense and policies. Data Loss Prevention Software is just one of the means and definitely not the end.
Data Protection, Humans and Common Sense
1. It is about common sense, not software!
Data Theft Prevention for the SME.
Data Protection … Keeping it simple.
2. Do you have important data on the computer?
• Customer Information
• Technical Drawings / Source Code
• Financials / Employee Information
• Marketing / Contact Information
• Quotations / Agreements / Contracts
• Personal Information
3. What will happen if the data gets stolen?
• Loss of Business
• Financial / Revenue Losses
• Productivity Losses
• Intellectual Property Losses
• Loss of Reputation
• Legal Liabilities
4. Cause of a Data Breach
[Pie chart: Root Cause of Data Breach. Categories: Malicious or Criminal Attack, System Glitch, Human Factor. Values shown (not matched to categories in this transcript): 35%, 36%, 29%.]
Data Breach Study 2013 – Ponemon Institute
5. Higher Risk of Insider Data Theft
• Sudden resignation of employee / partner
• Employees joining competitors
• Family relations in competing company
• Staff starting their own similar business
• Employees being laid off / fired
6. Some Possible Signs of Data Theft
• Request for purchase of USB Pen Drives
• Working when no one else is there
• Personal Devices being brought to office
• Your information appearing in the public domain
• Identical Products and all your customers being contacted suddenly
7. Common Ways of Copying Data
• Physical Theft
• Print Outs
• USB, CD/DVDs, Hard Disks
• Laptops / Tablets / Smart Phones / Mobiles
• Internet / Remote Access / Messengers
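8. Industry Wise Data Theft
[Pie chart: Distribution of data theft by industry. Categories: Financial, Public Services, Retail, Services, Consumer, Industrial, Technology, Communications, Hospitality, Pharmaceuticals, Transportation, Energy, Healthcare, Media. Values shown (not matched to categories in this transcript): 3%, 1%, 1%, 2%, 2%, 17%, 3%, 3%, 8%, 14%, 9%, 11%, 14%, 12%.]
Data Breach Study 2013 – Ponemon Institute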
9. Costs of Data Breach
• Number of Records Breached: 26,586
• Cost of Data Breach: Rs. 5.4 crores
• Average Notification Cost: Rs. 12 lacs
• Average Cost of Lost Business: Rs 1.5 crores
Data Breach Study 2013 – Ponemon Institute
10. Legal Liability Cost
• IT Act (2008) – 43A: Compensation for failure to protect client data can be up to 5 crores.
11. Legal Liability Cost
• IT Act (2008) – 72A: Punishment for Disclosure of Information in Breach of Lawful Contract.
  – Imprisonment of 3 years and/or a fine up to Rs. 5 lacs.
12. So now what?
Do not think ‘software’ only ... Think first what happens to data in office.
13. Do you even know what data you have?
• Where is your data stored?
• Which information is considered sensitive?
• Who has access to it?
• Do all PCs require all the data?
• What about data on portable storage?
14. Data Theft without software. (1)
• Education of employees / contractors about IP / Company Data / Customer Data
• Agreements and Understanding of Non Disclosure
• Strict Action to non adherence of company policies
15. Data Theft without software. (2)
• Secure Physical Devices / PCs / Laptops
• Secure Offices Portable Storage Devices (USB, CD/DVDs)
• Who can sit on which computer
• Disallow Unauthorized Devices/PCs if possible.
16. You cannot steal what is not there!
• Archive / Backup Data not being used
• Delete Data not being used
17. What about inventory?
• How many PCs / laptops?
• What is the h/w configuration of each PC?
• What is loaded on each PC - OS, software and data?
• Inventory of removable / portable storage.
• Inventory of portable modems.
18. What about the basic network?
• Do you have a Server?
• List of Machine Names / IP addresses
• Does everyone have user name / passwords?
• Do you allow Remote Access?
• Wifi / Wired?
• Internet Connection Single Entry?
19. User Account Policies
Dynamite against data theft.
• No empty / default passwords
• Passwords should expire
• Strong Passwords
• No Common Passwords.
• Privileges / Account Deletion
• Remote Access
20. Reckless Wireless Routers.
• No SSID Broadcast
• No Wireless Configuration
• MAC IDs
• User Name / Password Security
• Change Default Password
21. ‘MUST’ Software
• Anti Virus / Anti Malware / Anti Spam / Anti Phishing Software
• Regular Updates of AV / Operating Systems
• Regular Patches of OS and Software
• User Access / Privilege Management
22. But Anti Virus is NOT enough to stop employees stealing data!
23. Stepping towards Basic DLP.
• Internet Access Control
  – Websites, Protocols, Firewalls, Proxies
• Device Control
  – USB, CD/DVDs, Modems, Bluetooth
• Upload of Data
  – Browser Based Uploads
• Encryption
24. Humans, Common Sense and Policies!
It will surely help – all the best!