Sunday, December 12, 2010

Data Protection – For the Rich Only?

“Preventing improper information leaks is a greatest challenge of the modern society” state Aldini and Alessandra (2008). There are virtually countless ways (channels) through which sensitive data can be leaked. First, there is the question of intent: data leakage could be intentional, for example through a disgruntled employee who wishes to take a “souvenir” home, or unintentional, as a result of a simple misunderstanding of security best practices. Then, the technical and business environment should be evaluated and assessed to determine the most efficient and cost-effective way to safeguard the data.
When discussing data leakage and protection in the consumer market, the boundaries between intentional and unintentional data leakage blur. Security-aware consumers do not disclose information such as credit card numbers, bank accounts and birth dates publicly; it is therefore safe to assume that such information is published either as a result of a lack of understanding of security best practices or through malicious information theft.
Chichowski (2010) notes seven technologies that could prevent or limit data leakage for small and medium businesses. These include hosted e-mail security, Web/URL filtering, anti-malware software, patch management and whole disk encryption. Google (2010) provides a similar checklist consisting of eighteen items to make sure information is secure. Based on the Pareto principle, by implementing those technologies a consumer could reduce the overall risk of data leakage by 80%. The question arises: are these technologies for the rich only?
Instead of using locally installed e-mail security software that is capable of filtering spam, detecting phishing attacks and scanning for viruses, a consumer could use web-based e-mail accounts such as Google, Live and Yahoo, which provide different levels of security. For example, Google Mail provides all of the above-mentioned capabilities in addition to free storage space.
A number of security software vendors, including segment leaders such as Symantec and Kaspersky, offer free anti-malware scans capable of detecting “viruses, Trojans, Spyware or other malicious codes” (Kaspersky, 2010). In addition, free security software such as McAfee SiteAdvisor and AVG LinkScanner allows users to check the reputation of each website before opening it in a browser.
Today, update or patch management technologies are an integral part of operating systems and consumer applications. For example, Microsoft Windows 7, Ubuntu and Mac OS X all come with a built-in update manager, which informs the user when security and regular updates become available. On Ubuntu, the patch management software also updates applications managed by the operating system, such as Open Office, the Firefox web browser and Adobe Reader.
Full disk encryption technology is intended to provide last-resort protection in case a laptop or a desktop is stolen. Encrypting the data stored on non-volatile memory devices such as a hard drive, solid state disk or removable USB device prevents malicious users from accessing the stored information. In addition to corporate solutions such as PGP Full Disk Encryption, McAfee Endpoint Encryption and Check Point Full Disk Encryption, there are a number of free applications capable of protecting the stored data. These are: Microsoft BitLocker Drive Encryption and TrueCrypt.
It is evident that security-aware businesses and consumers have a wealth of options when it comes to technological solutions to protect sensitive or personal information. According to AVG Technologies (2010), only “46% of identity theft victims installed antivirus, anti-spyware, or a firewall on their computer after their loss”; therefore the main problem lies in the security awareness of the users rather than in the availability or cost of data leakage prevention solutions. While in large enterprises the Chief Information Security Officer (CISO) is required to provide internal employees with a security awareness program, the question that remains open is: who is responsible for educating the end user when it comes to the consumer market?

Bibliography

  • Aldini, Alessandro, and Alessandra Pierro. 2008. "Estimating the maximum information leakage." International Journal of Information Security 7, no. 3: 219-242. Business Source Premier, EBSCOhost (accessed December 12, 2010).
  • AVG Technologies (2010), AVG LinkScanner [online]. Available from: http://linkscanner.avg.com/ (accessed December 12, 2010).
  • Chichowski, Ericka. 2010. "Sound the Alarm." Entrepreneur 38, no. 6: 54-59. Business Source Premier, EBSCOhost (accessed December 12, 2010).
  • Google (2010), Gmail Security Checklist [online]. Available from: http://mail.google.com/support/bin/static.py?hl=en&page=checklist.cs&tab=29488&ctx=share (accessed December 12, 2010).
  • Kaspersky (2010), Free Virus Scan [online]. Available from: http://www.kaspersky.com/virusscanner (accessed December 12, 2010).
