Still think you don't need DLP?

Infosecurity Europe conducted a survey this week of 600 commuters at railway stations in London.  Here are the frightening results:

• 89% said they would disclose sensitive data from their employer in return for payment ranging from GBP1 million to as little as a meal.
• 88% of those surveyed considered the information to which they have access as valuable.
• One-third of respondents indicated less loyalty to their employers compared to one year ago.

Even if we assume that respondents were exaggerating a bit, the results of this interesting survey reveal that employers are at serious risk of losing sensitive data.  The result could be as simple as a bit of embarrassment, but could be as damaging as the loss of trade secrets or the squelching of a company acquisition.

Organizations of all sizes need to deploy data leak protection (DLP) systems to help prevent this type of data loss.  While DLP systems cannot prevent all data breaches, and while they are less effective at preventing malicious behavior than they are at preventing inadvertent breaches, they are a good adjunct to corporate policies and other efforts designed to protect sensitive and confidential data from leaving the organization in unauthorized ways.  DLP will continue to become more important over time as the venues for data leakage proliferate, including email, instant messaging clients, blogs, wikis, social networking sites, USB thumbdrives, mobile devices, etc.  DLP clearly will never replace employee integrity as a preventive for malicious data breaches, but it's necessary nonetheless.

More information on the Infosecurity Europe study is available here.