Consumers rely on businesses to keep their personal
information safe. Too few of those businesses are actively
protecting that data. Here’s what’s gone wrong, and how
businesses should be responding.
87% of the U.S. population can be uniquely identified using only
their gender, date of birth, and ZIP code. It’s not just the
most obvious types of PII, such as credit card numbers, that
require protection, according to the U.S. General Accounting Office.
BASIC DEFINITIONS
Know your sensitive data, and the definitions of
the data types to be protected.
Personally Identifiable Information (PII)
is the general term for “all about you”. PII can
include full name, address, email address, social
security or national identification number,
passport number, credit card numbers, date
of birth, birthplace, biometric information, and
medical data.
Protected Health Information (PHI)
includes an individual’s past, present, or future
physical or mental health conditions wherein the
data identifies the individual.
Personal Credit Information (PCI)
is any data related to financial credit, such as
information in an individual’s credit cards or
bank accounts, or the agencies that report on
payment history.
Intellectual Property (IP)
refers to creations of the mind, such as
inventions; literary and artistic works; designs;
and symbols, computer code, names, and images
used in commerce.
Compromised data can lead to identity theft, bank account access, and
other negative impacts to your customers and your business.
PII and other sensitive data is increasingly dispersed today,
with the rise of mobile computing, consumer
technology, and cloud computing.
84% of business workers use email to send classified or
confidential information: payroll, customer data, financial
information, business plans, etc.
21% of files uploaded to cloud-based file sharing services
contain sensitive PII. 7% of cloud data is PII.
By the end of 2016, more than 50% of the Global 1000
companies will store customer-sensitive data in the
public cloud.
31% of all corporate data uploaded to the cloud is
in a customer-relationship management application (CRM), and
6% of it is sensitive data.
52% of business users have lost an external or mobile
device containing sensitive business or personal information.
In 20% of healthcare organizations, employees store PHI data
on their computers; 41% of healthcare organizations admit to not
adequately protecting endpoints.
The problem of dispersed PII is gaining momentum.
Data sprawl has resulted in a loss of data visibility,
causing many businesses to significantly increase
their risks — and to worry their customers.
79% of customers lose trust in a company
that experiences a breach involving
their PII.
The average organizational cost of a data breach
reached more than $6.3 million in 2015, an increase
of over $1M since 2013. — Ponemon
The list of nations with strict laws regulating the
processing of personal data is growing.
IT organizations in the largest companies are
unprepared to protect PII.
Despite increasing pressure on companies to show
compliance with global data privacy and other industry-
specific regulations (HIPAA, FINRA, GLBA, COPPA) that
apply to sensitive data, IT lacks confidence to address
these complex issues.
44% of corporate data stored in cloud
environments is not managed or
controlled by the IT department.
51% of companies are confident
that they can preserve data on
mobile devices for litigation,
regulatory, or investigative requirements.
In 2013, Barclays Bank was fined $3.75M after it was
discovered the bank failed to keep
critical records.
26% of legal preservation requests now include mobile
device data, an often manually complicated and
error-prone process.
Insider and privilege misuse was responsible
for 12% of IP theft.
Identify and Take Action Against Data Risks Across
Mobile and Distributed Data
Businesses can take steps to get
ahead of the risks and to reduce
their exposure.
Identify and locate sensitive personal data.
Centralize visibility of your data.
Find out who can access customer and employee data.
Implement secure technologies.
Retain data only as long as it’s needed.
Automate risk identification.
Druva’s converged data protection brings datacenter class availability and
governance to the mobile workforce. Druva’s inSync proactive compliance
solution delivers new, enhanced governance-related capabilities that equip
organizations to stay on top of their data, where it’s located and how it’s
handled, while at the same time ensuring the integrity of that data if its
authenticity is called into question during litigation.
The new enhanced data governance capabilities include:
DRUVA’S PROACTIVE
COMPLIANCE SOLUTION
Learn more about Druva’s
proactive compliance capabilities at
druva.com/proactivecompliance
SOURCES:
http://resources.ipswitchft.com/rs/ipswitch2/images/eBook%20-%20Are%20employees%20putting%20your%20company%27s%20data%20at%20risk.pdf
https://www.netskope.com/blog/netskope-cloud-report-look-compromised-credentials - Gartner, June 2015
https://www.skyhighnetworks.com/cloud-university/is-the-cloud-secure/
Brief: Stolen and Lost Devices Are Putting Personal Healthcare Information at Risk: It’s Time for Healthcare CISOs to Close the Faucet of Data Loss from Endpoints - Forrester, 2015
http://www.darkreading.com/attacks-and-breaches/sony-data-breach-cleanup-to-cost-$171-million/d/d-id/1097898?
http://www.oracle.com/us/corporate/profit/big-ideas/010312-data-1917731.html
http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
http://www.csrps.com/faqs-0
http://www.visionpayments.com/faq/personally-identifiable-information/
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
http://www.tomsguide.com/us/target-neiman-marcus-data-breach-faq,news-18199.html
http://www.eweek.com/security/personal-information-on-enterprise-devices-carries-security-risks.html
http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_2012_webversion.pdf
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks
http://www.bbc.com/news/business-25525621
http://blogs.wsj.com/cio/2015/07/10/the-morning-download-outdated-tech-infrastructure-led-to-massive-opm-breach/
Verizon 2015 Data Breach Investigations Report, INTELLECTUAL PROPERTY THEFT

Where in the world is your PII and other sensitive data? by @druva inc
