Tips for Data Loss Prevention – Cybersecurity Planning For The Inevitable

Nov. 15, 2013 by Angela Cheong

In 2012, 2644 data breach incidents were reported worldwide, and it is thought that this figure represents only 10% of actual cases. Of the reported incidents, 97% were avoidable. In total, 267 million records were exposed, the average cost of each breach was $5.5 million, and the overall impact of reported data breaches was $8.1 billion.

These sobering statistics preceded the data loss prevention talk by Craig Spiezle, Executive Director & President of the Online Trust Alliance, during the Best Practices track at Interact 2013.


In a data-driven economy, more personal information on consumers is being collected, and the repercussions of a data breach are becoming correspondingly more severe. Perhaps one of the most embarrassing things for companies that experience a data breach is explaining why they possess such information on their consumers in the first place, which might account for why such a large percentage of breach incidents go unreported. In the European Union, Internet service providers have 24 hours from the moment a data breach is discovered to report the incident to the authorities.

All companies must operate under the assumption that the data they possess includes confidential information subject to regulatory requirements, and that there will come an unfortunate day when they experience a data breach. As such, security and privacy by design need to be part of your corporate DNA. Data stewardship is everyone’s responsibility, and data security policies need to be continually reviewed. The absence of a plan is clearly a disaster.

Zappos, for example, was a brand that floundered in the wake of a data loss incident. With no clear internal communication or pre-prepared phone scripts to help their staff deal with anxious customer enquiries, the brand struggled to deal with phones that were ringing off the hook when 24 million records were compromised.

In the US, there are 46 different regulations that deal with data breaches – this means that in a data breach scenario, your business would need to notify 46 different states, all of which have different processes for reporting the breach. Conversely, the European Union is moving towards one regulation and one notification point. If a data breach is specific to one country, however, you might not need to notify everyone.

Data Security Best Practices

While you may not know when you will have a data breach, there are ways to make sure that when the time comes, you are able and ready to deal with it.

  • Create an incident response team.
  • Have a draft email that is ready to go out to partners in the event of a data breach.
  • Create a relationship with your local FBI office so you know whom to contact in the event of a breach.
  • First responders and PR teams must be briefed and prepared in the event of data loss, e.g. media and social monitoring.
  • Consider a contract beforehand with a forensic company or a company that offers data breach remediation.
  • Think about where funding will come from and consider insurance coverage.
  • Create a website section for Frequently Asked Questions and consider translating it into different languages.

A data loss incident can cause significant damage to brand reputation. In a keynote at Gartner Symposium/ITxpo 2013, Google Executive Chairman Eric Schmidt said that a significant data breach at Google Inc. would be “devastating” and threaten the company’s existence.

And in an industry that is being increasingly shaped by mobile behaviors, consider too that mobile has the potential to become compromised. The 2013 Data Protection & Breach Readiness Guide published by the Online Trust Alliance covers the topic of data breaches in far more depth and detail, so do download a copy of the report if you are interested in learning how to safeguard your brand!

Want to find out more about how to keep your email secure? Get the How DMARC Is Saving Email eBook and find out how this new authentication standard is putting an end to email abuse.



  • Thank you for the beautiful and informative tips for Data Loss Prevention, and thanks also for sharing this.

  • I need help, if you have knowledge of techniques, methods or algorithms used by DLP solutions to intercept packets on the network. I have not found anything specific on this topic. If you could help, it would be appreciated.
