Five years ago in October 2004, I wrote a piece on the top ten mistakes companies make in their data security policy and implementation (see the full article - 10 common data security mistakes). I took a few minutes today to update the article in the course of preparing for our next online data security workshop (register online). Most of the material still feels pretty relevant today:
Wait until you have a major data loss event
Assume that permissions protect your data
Assume that there are no threats on authorized network channels
Assume that your firewall protects your data
Assume that data on servers inside your network are safe
Don’t give employees Internet access
Spend $50k and 5 months doing a data security risk assessment
Avoid answering “Who owns data loss prevention”?
Buy according to what you read in the trade press
Decide by Powerpoint