>enterprise special interests
>smb special interests
>industry special interests
home > guidance > enterprise special interests


What’s the cause of data loss and theft?

User errors leads the list of the primary causes of data loss, followed by violations of policy, Internet threats, IT vulnerabilities and an insufficient number of IT controls (Figure 1).

 

Figure 1: Causes of data loss and theft




























Source: IT Policy Compliance Group, 2007

 

Guidance recommendations

 

The causes of data loss and theft are clear indications of the important role that employee education and procedural controls play in reducing the likelihood of data theft and loss.  It is also clear that procedural controls are not sufficient to stem data losses and thefts.  After user errors, all other causes of data loss and theft are smaller, but over time add up.

 

Reducing losses and thefts of sensitive data is going to take a concerted effort that includes:

·       Delivering training to employees and managing exceptions to policy

·       Improving IT controls

·       Automating IT controls

·       Increasing the frequency of measurements and reporting

·       Maintaining an inventory of sensitive data

 

 

© IT Policy Compliance Group, 2007

 









Most small businesses are performing at the norm with between 3 and 15 compliance deficiencies and IT security events resulting in financial harm. more...



Latest Blog Topics:

Topic : Policy Shapes Outcomes
Topic : Who’s sets objectives: Legal, Business lines or IT?
Topic : Who Manages Information Security?

© 2008 IT Policy Compliance Group, USA, All Rights Reserved.privacy policy | terms of use | contact us