Many of the technologies businesses rely on to create new services, make workers more productive and serve customers better are the ones most likely to lead to data loss, according to data loss statistics gathered by a recent security study from IT industry association CompTIA.
The “leading culprit” is data in motion, according to the online survey of 1,183 IT and business executives involved in setting security policies for their organization. In other words, all that data being accessed through unsecured Wi-Fi networks, sent through unencrypted emails, and downloaded to USB drives or websites is putting organizations at risk.
Among the 52% of the organizations that reported a data loss in the last 12 months, 65% said that confidential corporate financial data was lost, 52% said that confidential employee data was leaked, 27% reported losing confidential customer data, 26% lost corporate intellectual property, and 21% suspect data loss but couldn’t identify what was lost, according to the data loss statistics.
Still, context is everything. When compared to the growth in the use of social networking, security risks associated with social networking are pretty low, CompTIA argues. The association quickly pointed out, however, that security risks will rise because of malware, social engineering and data mining on such sites.
As for cloud computing, the top three security concerns included downtime, loss of data during transfers to the cloud and a lack of data encryption.
Those surveyed also had “serious concerns” (48%) about employees downloading unauthorized apps to mobile devices, theft or loss of corporate mobile devices (42%), and risks when using open Wi-Fi networks (41%).
The IT and business executives didn’t specify the types of recent data loss prevention tools they have in place or the ones they are considering, but they did share their response strategies for data loss prevention:
- Implement encryption policies for data stored on mobile or portable devices.
- Create a stricter separation between work and personal communications.
- Reinforce acceptable user policies for mobile devices.
- Reinforce or create corporate policies governing the sharing of proprietary information on blogs, forums or social networks.
- Further compartmentalize sensitive corporate data to ensure that only need-to-know employees have access.
Let us know what you think about this blog post; email: Christina Torode, News Director