Customer, student, employee and patient information is most at risk for cyber-attacks today, and defending that data is a top concern for IT professionals this year, according to the Data Loss Straw Poll, a national survey published by CDW, a provider of technology solutions to business, government, education and health care.
Concern about data loss is well-founded: One in four organizations has experienced a data loss in the last two years. Many organizations report breaches jeopardizing their network, email or other sensitive information, CDW found in its poll, which examines data security concerns across industries, including medium and large businesses, financial services and health care organizations and higher education institutions. One IT professional at a financial services company noted: Security is harder every day due to the ease with which personal information is gained.
This data loss comes at a cost: A Ponemon Institute study published in March found that organizations suffering a data loss in 2011 paid an average of $5.5 million per breach, which translates into an average of $194 per record lost. The damage resulting from data lossto the bottom line and to an organizations reputationis very real, said Christine Holloway, vice president of converged infrastructure solutions at CDW. Perhaps it should come as no surprise that IT professionals view data loss as the greatest business risk to organizations this year. As telework and access to mobile computing grows, preventing data loss is increasingly importantand increasingly complex.
CDWs survey shows that the number of people accessing business networks increased by an average of 41 percent during the last two years. The report suggests inadequate security policies contribute to security challenges: While most organizations allow employees to access their networks with personal mobile devices, security policies for employee-owned devices are often less strict than for employer-owned devices. More than a quarter (27 percent) of IT professionals said they do not have security policies for employee-owned mobile devices.
Organizations that give their data security an A grade layer nearly all available data loss prevention measures, including encrypted storage, backup and email gateway, endpoint data loss prevention and security solutions, full-disk encryption and Web security filters. Organizations with A security are also more likely than others to require employee-owned mobile devices to comply with defined security procedures before they are granted network access.
Data loss prevention solutions help to protect personal, financial and research and development data, and they also flag any data being handled in a way that deviates from established security policies. No organization appears to be immune from data lossblue-chip companies, small businesses, schools and governments have been affected, said Rick Hanson, senior director of sales for security specialist Symantec. Prevention is essential. Organizations that layer security solutions to address network endpoints, data at rest and data in motion are more aware of potential security threats, less susceptible to breaches and better able to respond when a breach occurs.