Every business collects and stores information on their customers. It is the responsibility of each business to protect this information from being released into the wild and accessed by those not authorised to access it.
A breach of even the most basic information needs to be reported and your customers advised so that they can take precautions to protect themselves. Many people use the same password in many places and that could put them at risk. Personal information such as date of birth and address details can be enough for identity theft.
Also, the businesses commercial information that has been generated over many years needs to be protected too.
These should be safeguarded to avoid intellectual property theft that could erode your competitive advantage.
Therefore it is important to take measures to protect this information as best you can, weighing up the risk and value of this information.
What can you do about it?
You may already have some of the technology available in your current environment that just needs some configuration to get it working. It is also something that needs consideration as to how much to spend to protect yourself to make sure you don’t spend more on the prevention than what an actual loss impact might be. You may find you simply need to change what information you collect to reduce the risk, are you collecting information that you don’t really need, but which puts you and your clients at great risk.
Some low hanging fruit:
Some technologies that are around that can help:
Microsoft Office 365 data loss prevention: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide
Fortigate Data Leak Prevention: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46641
Mimecast DLP: https://www.mimecast.com/content/data-leak-prevention/
An interesting extra benefit many of these tools allow is putting keywords or blocked words into the policy to block bad language before it leaves the organisation.
Reach out MIACOR IT to discuss any concerns you have, as the first step is to have a conversation about what information you have.