SINGAPORE IT managers feel that significant leakage of data is happening through various electronic channels even though their companies are highly aware of the need to prevent data loss, a new survey shows.

The survey, conducted by information security and storage company Symantec Corp, shows that the biggest concern in managing data loss is the rapid growth of mobile devices such as smart phones, PDAs (personal digital assistants) and laptops that are used by employees.

Darric Hor, Symantec's Singapore general manager, told BizIT that more than half of all the respondents cited data loss through PCs, laptops and other mobile devices.

Around 46 per cent indicated e-mail, instant messaging and other electronic channels as the other points of weakness in prevention of data loss.

The survey specifically showed that 37 per cent of the respondents felt that employees working on corporate information from home to be the most vulnerable points in the security network for potential data loss in today's distributed IT environment.

The poll was conducted last month and investigated the key concerns about data leakage and IT security among organisations in Singapore.

It surveyed more than 100 IT managers to examine how well-prepared their companies are in preventing data loss. The respondents came from different industries like retail, telco, education, banking and healthcare.

On the positive side, the survey shows that 95 per cent of the IT managers have put in place IT security policies in their companies and 93 per cent actually take the time to educate their employees and enforce these policies.

In addition, 70 per cent of respondents revealed their companies use some form of endpoint security product, such as anti-virus, firewall, anti-spyware, anti-spam, host intrusion prevention or network access control to secure their systems and prevent the loss of data.

Some of the other major findings in the survey:

- Forty-two per cent of the respondents picked malicious activity in the form of Internet- based threats, attacks and hacks as the leading cause of data loss.  

- Out of the companies that use some form of endpoint security product, 84 per cent of respondents have installed anti-virus software and 69 percent have a firewall. Other measures like anti-spyware, anti-spam, host intrusion prevention and network access control each averaged about 26 per cent of respondents.

- Zero day threats and inadequate employee education and training are the most challenging factors after the rapid growth of mobile devices containing confidential corporate information, with 22 per cent picking each option respectively.

Mr Hor noted that most companies strive to provide a good work-life balance for its employees and this is leading to more people working from home.

"Technology has helped make this possible, with laptops, PDAs, web-based corporate e-mail and instant messaging allowing employees to be always connected wherever they are," he said.

The flip side to this empowerment is the risk that data can leak through these very channels that organisations use to communicate.

Mr Hor noted that today's IT security threats are now focused on the company's information and employees' interactions. "Security is not just about keeping threats out of an organisation, but ensuring that information stays inside the organisation."

With this in mind, Singapore companies need to ensure that their employees working from home are taking the right precautions to prevent the loss of confidential data wherever it is stored or used, he added.

Data leakage is becoming a key concern for companies as it is not only costly in financial terms, it also comes at a cost to the business" reputation and customer confidence.

"Data breaches can cost companies billions of dollars and data loss prevention (DLP) has emerged as a top priority for any company that handles confidential information."

He noted that an effective DLP strategy requires a policy driven approach. "It will not be solved with technology alone or with a single security product," he said adding that a combination of process improvement, technology and training is needed.

According to the Symantec official, companies should adopt a strategy that combines employee education, policy definition and enforcement, as well as the appropriate technology controls to protect information.

"A DLP strategy should involve multiple groups in the business - this is not just an IT problem."

Is this article useful to you?