Only a few weeks ago, it was uncovered that sensitive information from the Australian Federal Police Department (AFPD) had been leaked to parliamentary websites and other sources for several years.
Information on a surveillance subject, descriptions of criminal investigations and offences being investigated along with names – and in some cases phone numbers – of AFPD officers were all made public.
Given that the government is in the midst of a metadata security and privacy reform, this data breach is particularly damaging to its reputation.
However, the AFPD incident is not unique. In 2013 more than 800 million records were exposed globally as a result of data breach incidents (ABI research). According to the Australian Securities & Investments Commission, breaches such as this cost on average two million dollars in Australia.
Traditionally, the most significant threats came from outside the organization’s perimeter.
Today, that is no longer the case.
According to Clearswift’s Australian Enemy Within research (2013):
- Employees are most likely to be seen as the source of data security breaches (44%)
- Ex-employees are seen as responsible for 20% of breaches
- Customers, partners or suppliers are seen as responsible for 21% of breaches
- The vast majority of these breaches are accidental (85%)
So – how can you prevent sensitive information being inadvertently emailed out of your organization or posted on websites?
The answer is with Data Loss Prevention (DLP) technology, however - it must be chosen wisely. Many large organisations have a DLP solution in place, but they are often ineffective. This is because traditional DLP systems are based on a ‘stop and block’ approach which hinders ongoing collaboration; an increasingly important issue, given the fact that productivity has been falling since 2007 (Australian Productivity Commission).
In today’s world, Australian organizations need to evolve their DLP approach in order to foster the collaboration that is critical to business productivity. With the right technology, it is now possible to implement a DLP solution that enables collaboration, while also removing sensitive data – based on the organization’s policy – and deliver the remaining information to the people who need it.
That’s what DLP should be all about. Adaptive protection that is seamless, relevant and easy to use.