A recurring subject on my blog since I started this up back in 2006 has been control of data and usage auditing. The Irish Times is reporting that companies are losing control of data by allowing employees to download the data to domestic PCs. Those PCs are then either stolen or sold with the data still on them. Even if the data has been deleted, it's still recoverable unless a wipe tool like DBAN has been used. Just like disk encryption, it seems like businesses don't want to take this one seriously. I've talked about it over and over and over.
Have a read of those posts if you want to learn about how to protect your data no matter where it is. Some quick tips:
- Learn how to properly secure data on your file shares: Then only authorised users can access the files.
- Use Rights Management Services to protect data no matter where it is: Bringing protected data to a home PC is useless. Forwarding emails can be prevented. Printing can be prevented.
- Audit data access, e.g. on the file shares and using OpsMgr 2007 R2 Audit Collection Services: Know who has done what for investigations.
- Use Network Access Protection to restrict access to company resources: That domestic PC won’t be able to connect to your network without the proper security configuration.
- Use forced (by policy) removable storage encryption to protect mobile data: Mobile data is secure even if the removable storage is lost or stolen.
- Use forced (by policy) laptop encryption to protect company laptops: The data on the laptop is secure even if it is lost or stolen.
- Use something like DBAN to wipe computers when you finish with them or when they move between departments: Deleted/formatted data is recoverable, so a secure wipe is required to overwrite it with garbage.
- Put policies in place: Breaking company policies is a punishable offence no matter who does it.