Aug 3, 2012

Your Data is Everywhere

Your data is everywhere. Here now. Was there yesterday. It’s on devices you own and devices you don’t.
It’s being accessed from within the office, on the move. It’s up in the cloud, it’s back on the ground – somewhere, anywhere. Meanwhile, the constantly shape-shifting shadow of data loss looms over every business.

You must see how ready your organisation is to tackle these new security challenges. You must know how your state of security-readiness compares to typical enterprises, identify the areas of concern, and prioritise your security.

Data theft means the theft of electronic data stored in a corporate network in various forms, formats and locations. Data can be stolen either by an outsider who gets access to your data sources or by the employees of the firm themselves.

Data theft occurs when an outsider or insider gets access to your data and uses it for malicious purposes, either by copying it to removable media (flash drive, CD/DVD, etc.) or by transferring it (through FTP, mail, IM, etc.) to a different location.

Data theft can be prevented by finding out how much data is currently exposed in a corporate network through different data sources, and by continuously monitoring data usage so that confidential data is prevented from going outside.

Let me share two examples of small business data security incidents. In the first incident an employee left a company (let’s call it Company C), but the employee’s email account was not turned off. There were no checks set up at Company C to remove employee access (email, network, etc.), and the work email account was being forwarded to the former employee’s personal email. While employed with Company C in a sales management role, the employee had set up a competing company, and when the employee left Company C, he continued to receive sales lead emails from Company C’s clients.
This continued for several months, and today Company C is having to spend several thousands of dollars in litigation in addition to facing the loss of several key clients.

The second incident involved a colleague of mine. Her healthcare provider’s office was broken into, and the computer was stolen. This computer contained the financial and personal information of hundreds of patients. Personal bank accounts were accessed and money was stolen, among other things.
When a credit card is breached it is a major inconvenience, but it can be stopped relatively quickly. When a bank account is breached, it becomes a much more difficult issue to deal with and fix.
This business lost the trust of hundreds of patients in addition to putting their financial and personal information at risk. This could have been easily prevented by encrypting the computer, which by the way can also be done for free.

The following steps highlight the security plan for any business.

Step 1 – Asset Identification/Classification and Risk Assessment
(i) Identify Information Assets
(ii) Classify Information Assets
(iii) Risk Assessment of Information Assets
Step 2 – Network and Physical Access Security Controls
(i) Network, Computer, and Email Access Controls
(ii) Review of Access Controls
Step 3 – Network and Personal Computer Security Controls
(ii) Anti-Virus/Anti-Spyware
(iii) Downloads and System Acceptance
(iv) Firewall and Internet Connection
Step 4 – Paper Document Controls
(i) Information Classification Policy
(ii) Shared Documents
(iii) Filing Cabinets
Step 5 – General Security Controls
(i) Employee Background Checks and Training for New Hires
(ii) Third Party Review
(iii) Visitor Policy
(iv) Incident Management System
(v) Emergency Response Plan

For more details and consulting, contact


  • Hey! I’m at work browsing your blog from my new apple iphone! Just wanted to say I love reading through your blog and look forward to all your posts! Carry on the great work!

    • thanks Mack! Your comments are inspiring.
