How much data is leaking out of my organization, and what are the maturity levels of my business processes in stemming these losses?

Common challenges & issues:

  • You know that data loss is likely, but you have no idea of what type of data is being leaked out of your organization, or how it is being lost.
  • Do you know which file servers and laptops contain exposed confidential data?
  • Do you know who is carrying inappropriate confidential information on their laptops?
  • Are you able to demonstrate compliance with privacy laws and regulations?
  • Can you show ongoing initiatives combating losing data?

Conducting a privacy and data loss prevention Risk Assessment is the first step towards a comprehensive risk management program. The risk assessment is designed to assess the level of information loss and measure the maturity of data protection initiatives enacted by the company.

The first step is deciding what information the company desires to protect. In addition to confidential internal information that a company desires to protect, such as sales forcasts and reportsing, R&D, M&A documentation, a variety of laws exist concerning the handling of customer and employee information. These include, but by no means are limited to:  

  • 35 US state data privacy laws
  • GLBA
  • HIPPA
  • Payment Card Industry Data Security Standard (PCI DSS)
  • SOX
  • The EU Data Protection Directive 95/46/E and affiliated laws
  • Works Council privacy issues
  • Bank Secrecy laws (Switzerland)
  • The Personal Data (Privacy) Ordinance (Hong Kong)
  • And many others

The second step is discovering where that information is located or is in the process of moving to. Then an assessment can be made of the amount of violation occurring, and the level of risk.

How we can support you:

Milton Alexander’s privacy and data loss prevention risk assessment is a combination of a Risk Questionnaire, and an automated check of data inappropriately stored, or actually captured while transiting the organization, utilizing data loss prevention (DLP) technologies.

Milton Alexander DLP and Privacy Risk Assessment gathers information in preparation for conducting a proper automated risk assessment, but also reviews existing privacy polices and procedures, incident response processes, Digital Removable and Transportable Media handling, data provided in outsourcing relationships, and privacy governance models.

The Automated Risk Assessment utilizes DLP tools for data in motion and data at rest to measure their level of data loss risk. Preconfigured policies corresponding to policy or regulatory violations can be input, or key words or documents scanned for across the enterprise or business unit. The result shows confidential data exposed on laptops and desktops, open file shares, servers , and databases, as well as inappropriately leaving the network by email, web mail, file transfers, instant messaging or other protocols selected.

The final result is a comprehensive Risk Assessment Report that demonstrates data loss frequency, severity, and risk by data type, the user in violation by department, policy and regulation violated, as well as an industry benchmark comparison. Also prepared is an executive summary, with data loss prevention recommendations.