Not the Time to Curtail Data Protection

With IT spending (all spending for that matter) under increased scrutiny, every new and existing IT expense requires justification. It may be hard to defend spending more money on upgrading data protection for existing services and programs that appear to be doing their job, especially if there have been no breaches.

A new report by Ponemon Institute and sponsored by Ounce Labs (a recent IBM acquisition), found that CEOs have a generally positive view about data protection efforts. According to the report, CEOs believe "the most important activities to achieving good data protection are: developing a data protection strategy for the organization; training employees, temporary employees and contractors; and reducing potential security flaws within business critical applications." CEOs felt stolen (31%) or lost (24%) computers or USB devices along with the incorrect disposal of storage media (22%) were the most common reasons for sensitive company data to be put at risk.

But good data protection services do more than just safeguard company data; they are a means of ensuring a company's reputation and brand integrity. Solid data protection practices also advance key organizational goals, such as compliance and ensuring customer trust.

Experts warn that seemingly innocuous practices can put a company and individuals at risk. Many suggest that businesses never allow an e-mail application to fully render html or xhtml e-mails. Do so and the recipient runs the risk of being identified as a valid recipient of spam or being successfully phished by malicious security code crackers. And it shouldn't need to be said, but using Web-based e-mail services such as G-mail and Yahoo! Mail should be avoided if you wish e-mails be kept private for any reason. Instead, use a local POP3 or IMAP e-mail application.