Data Vulnerability—Combating Data Loss with Best Security Practices
All businesses operating today are at risk of data loss. In some cases the cause is human error; in others it is deliberate malicious intent. The very connectedness that characterizes messaging today enables great benefits and ease of business, while at the same time creating the potential for abuse.
With the latest data breach against Epsilon just a few weeks behind us, the topic of data vulnerability is still top of mind. It is important to remember that email marketers are not the only ones at risk of being targeted by organized cybercrime: advertising networks, certificate authorities and mailbox providers have all been compromised in the past 90 days. In 2010, the Online Trust Alliance (OTA) recorded 407 breaches and 26 million compromised records. This translates to high costs, as OTA puts the cost per record at $204 USD and the impact to U.S. businesses at $5.3 billion. It is generally accepted that many breaches go undetected or unreported, so the 2010 incident numbers are actually higher. How much higher, we have no way of knowing.
In response to the recent string of attacks targeting email service providers and the marketing community, OTA yesterday unveiled its Security by Design Framework, a set of guidelines that recommend a re-investment in security best practices and operational disciplines.
“The Security by Design Framework transcends technology and requires that all organizations foster collaboration within their corporate and partner ecosystem. By adopting these best practices, organizations will not just challenge their own security constructs, but also ensure that prospective vendors and partners are adhering to the same high standards,” comments David Daniels, CEO and co-founder of The Relevancy Group.
Working with leading organizations, the email community and security experts, OTA’s guidelines offer a holistic framework, predicated on the belief that all members of the messaging community have a stake in the preservation of consumer trust and that data stewardship is everyone’s responsibility. According to OTA, here are a few steps to effective “Security by Design”:
- Create a cross-functional security team headed by a chief security officer (or equivalent) as the single point of authority with security accountability.
- Map the data workflows within your organization and providers to identify points of vulnerability. Examine how you handle data, from collection and storage to transmission, usage and destruction. Define who should have access to the data, how and why.
- Include security review milestones in every project, from the development of functional specifications through trial and launch.
- Audit your network infrastructure, mapping it to both internal and external facing sites and all points of connection. Implement processes to monitor the security of your network and data assets to detect unauthorized access or unusual patterns of activity.
- Develop an incident response plan and team with pre-defined action items and communication strategies that can be activated should a breach occur.
OTA believes that in today’s cybercrime landscape, businesses need to assume that if they collect and retain data, they will lose it. If businesses accept this premise, they can then better protect against, detect and remediate potential losses.
While the Security by Design Framework was created with online marketers like Epsilon in mind, these best practices and the need to safeguard data apply to everyone.
Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: sjordan [at] messagingnews [dot] com