Data loss threat for firms

New McAfee research finds European businesses are ill-prepared to deal with inside threats

Firms are risking the loss of sensitive data because they do not have the appropriate policies or technologies in place, according to a new European study commissioned by intrusion-prevention specialist McAfee released today.

Over a third of respondents said they did not have policies for handling sensitive documents and of those firms that did, a quarter of employees said they did not know what the policies were, the survey found.

The research also highlighted that unintentional data loss could be a major problem among European organisations: nearly 40 percent of respondents said they forward customer data and records to others outside the company while 45 percent said they take financial records out of the business using portable devices.

"What people need to remember is that although there are malicious employees, a much larger percentage aren't malicious but don't know what they're doing," said Mcafee security analyst Greg Day. "Policy should be communicated little and often – how is an employee supposed to tell when data is confidential for example?"

Day added that firms often fail to implement data loss prevention strategies because they assume the task is too complex and the volume of data overwhelming.
"Doing the basics will protect you against the large majority of threats," he argued. "Technology now gives you the ability to trace information flow – that is the biggest challenge for many firms, and once you understand that you can put things in place to [prevent data loss]."