Issues Relating to Data Loss in Companies
The IT Policy Compliance Group released research on March 9, 2007 to report that 20% of businesses lose more than 22 sensitive data every year.
The study indicates that companies and organizations reporting data breaches suffer on average 8% revenue loss and also lose customers by similar margins because they are concerned about personal information. In addition to these losses is the cost resulting from notifying affected customers whose data is found missing. Then there is cost of data restoration. That totals to $100 for every lost or stolen customer data, according to the report.
The primary means through which data slips, in order of danger are PCs, laptops, portable devices, e-mail, instant messaging, applications and databases.
The research says the most sensitive data losses relate to customer, financial, corporate, employee and IT security information.
Among factors responsible for data leakages, mistakes by company employees accounts for 75% of total missing data and malicious practices like threats on the Internet, hacking and online attacks constitute 20%, showed the report.
To ensure that businesses and organizations keep safe the data they accumulate, in-built IT controls are vital as preventive measures, said Heriot Prentice, director of technology practices at The Institute of Internal Auditors in a written statement that Information Week published on March 9, 2007.
Organizations should seriously consider and practice upfront in the plan out of hardware and software redundancy to keep information secure throughout its life cycle. If there is collection of data there should also be protection for it.
Organization respondents in the survey, which suffered the least data loss said they were giving more time to compliance with monitoring policy and were using multiple IT controls. The best organizations were monitoring and using controls once a week; in contrast most firms were employing such measurements as scarcely as once every 176 days.
IT Compliance Group MD, Jim Hurley said lack of protection of IT security and regulatory audit data was similar to disclosing the vault combination. Rather than cash and securities these companies are exposing sensitive data of business and customers, and revenues to risk, he said.
Related article: ICC Cup Event Could Be Fodder for Phishers
» SPAMfighter News - 17-03-2007