Preventing Data Loss Incidents in the Public Sector

OVERLAND PARK, KS–(Marketwired – May 06, 2015) – Public sector data breaches affected several high-profile U.S. government targets in 2014, including The White House, U.S. Department of State, U.S. Postal Service and the U.S. Office of Personnel Management. So what’s at fault for the data breaches and how can future incidents be prevented?

According to the 2014 Data Breach Investigations Report for the public sector, three factors accounted for nearly 80 percent of public sector data breaches.

Miscellaneous Errors
About a third of public sector data loss incidents were caused by “miscellaneous errors”. These breaches don’t make the headlines because they are usually less impactful than the other two categories of incidents.

Miscellaneous errors include the posting of private data to public sites, sending or emailing information to the wrong recipients or disposing of assets in an unsecure way. Nearly half of the incidents involved printed documents. The report explains that as the U.S. government is the nation’s largest employer, its massive volume of data is naturally susceptible to a higher volume of misdelivery incidents. Human error will always be a risk, but such errors can be reduced by:

• Implementing stricter policies on sending out and posting documents
• Training employees on properly disposing sensitive documents
• Automating your workflows to eliminate some possibilities for human error

Insider Misuse
The second most common cause of data loss was “insider misuse”, which accounted for 24 percent of incidents. Insider misuse is when employees with access rights use their privileges to access data. One example is whistleblowing incidents. Incidents of misuse can be reduced by:

• Reviewing user accounts and access rights on set intervals
• Monitoring user activities continuously
• Implementing policies on accessing files for non-work-related reasons

Crimeware
Lastly, 21 percent of public sector incidents were caused by crimeware, consisting “mainly of opportunistic infections tied to organized criminals with some kind of direct or indirect financial motive” through malware or phishing. These incidents are expected to rise in number as fewer and fewer printed documents will be used in favor of their digital counterparts. Such instances can be reduced by:

• Providing security training to employees to raise awareness of hackers’ usual techniques
• Continuously monitoring and correlating configuration, vulnerability and web app scan data

Many organizations have taken a proactive approach to data breach risk by implementing a governance, risk management and compliance (GRC) software platform. A GRC platform, including LockPath’s Keylight platform, automates processes and workflows, minimizing the risk of human error. Keylight also provide unprecedented oversight and visibility into the business, allowing for identification and mitigation of serious risks. Compliance with IT security standards and regulations, any associated risks, incidents, third parties, audits or business continuity plans can be linked and correlated to give executives the full picture — the end game being to either prevent or minimize the damage of a data loss incident.

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company’s flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.

Image Available: http://www.marketwire.com/library/MwGo/2015/4/29/11G040010/Images/iStock_000003293108_Resized-251296140646.jpg