Comment What big companies do (Score 1) 226
They use Data Loss Prevention software. I founded one of them, so go ahead and call me biased, but the "F1000" crowd have this problem big time.
DLP systems will tell you where the secondary and tertiary copies of this data are (inappropriately) stored. They'll tell you how that data is being used, where it's being sent, and which employees are using and/or abusing it. The good ones will be able to block the egress or exposure of the data before it leaves the perimeter.
Do you have a bank account at a national retail bank? Are you insured by a "top 10" firm? If so, it's highly likely your data is already being protected by these systems.
Most of the risk of exposure is driven by well-meaning insiders who think they are just doing their job, but make a mistake or cut a corner and end up losing or exposing data. DLP software frequently catches the corrupt and/or malicious crowd as well. Most perps are pretty sloppy operators, and DLP software finds their tracks easily.
DLP systems will tell you where the secondary and tertiary copies of this data are (inappropriately) stored. They'll tell you how that data is being used, where it's being sent, and which employees are using and/or abusing it. The good ones will be able to block the egress or exposure of the data before it leaves the perimeter.
Do you have a bank account at a national retail bank? Are you insured by a "top 10" firm? If so, it's highly likely your data is already being protected by these systems.
Most of the risk of exposure is driven by well-meaning insiders who think they are just doing their job, but make a mistake or cut a corner and end up losing or exposing data. DLP software frequently catches the corrupt and/or malicious crowd as well. Most perps are pretty sloppy operators, and DLP software finds their tracks easily.
