Data, whether physical or on the cloud, is subject to theft no matter what. This data can include intellectual property, customer information, financial plans, and more. As we’ve seen on the news, data theft can lead to catastrophic consequences for a company: losses that sometimes run into the millions of dollars, as well as damage to the company’s reputation.
There are laws regarding disclosure on the federal and state level, and violations can result in jail time, fines, or both. Some of these laws include the Health Insurance Portability and Accountability Act (HIPAA) in regard to medical records, the Gramm-Leach-Bliley Act (GLBA) in regard to financial records, the Federal Information Security Management Act (FISMA) in regard to government records, the Fair and Accurate Credit Transactions Act (FACTA) in regard to consumers’ credit reports, and the Office of Management and Budget (OMB) Memo 06-16 in regard to federal agency information that is accessed remotely or transported outside of the agency’s physical perimeter.
One study by analyst firm IDC reported that 60 percent of corporate data is unprotected, which means that the Chief Information Officer (CIO) must move quickly to secure that data and prevent it from falling into the hands of unauthorized parties. Here are some solutions that can help CIOs prevent data loss.
Encryption is often seen as the solution to prevent data loss, but the risk is still present. If unauthorized parties can get the authentication information, the password is compromised and, in turn, so is the data. It can also be an issue internally: if a user loses their authorization for any reason (a contract worker, or an employee’s resignation or termination) but still has a company-owned computer, data encryption is also considered useless.
An alternative to encryption is data destruction, which prevents any unauthorized users from using a PC or laptop that has been compromised. One way this can be done is by combining encryption with data destruction to immediately destroy the evidence once the compromised PC or laptop reconnects to a network that is not theirs. The CIO does this by marking the PC or laptop as unrecoverable and thus off the network. Steps to implement this include administrator rules regarding the number of unsuccessful login attempts (as many websites do for security purposes). At the CIO’s discretion, this can be applied to a single file, an entire folder, or even the entire PC itself.
Backup and recovery should also be considered as part of a comprehensive data loss solution for a CIO. One can do this in-house or externally. With backup and recovery, these files can be easily placed on new hardware.
The thought of losing your data and having to recover it should be the last thing on the CIO’s mind. Nevertheless, it is important to consider the possibility and prepare for these events. Clarabyte’s ClaraWipe solution provides absolute data destruction, which can assist in the event of data loss. ClaraWipe meets or exceeds major national and international regulatory and technical standards, making it ideal for use in industries where data protection, data destruction, and data recovery are the rule rather than the exception, such as government, finance, healthcare, and more. ClaraWipe’s competitive price point also makes it ideal for organizations that are trying to secure their data without breaking the bank.