We have seen an increasing number of internal network threats, from spear phishing and mismanagement to intellectual property going out on a PDA attached to the network.
Many staff still believe that the use of the corporate network and company data is theirs to use indiscriminately. Of course organisations need to allow employees some flexibility, but with access control monitor and blocking of the company data. It's important to remember that this is the responsibility of the organisation itself - not everybody has the company in their best interests.
Companies need to reduce the frequency and severity of both inadvertent and malicious data loss incidents to protect their brand and reputation, safeguard customer data, protect intellectual property and show compliance.
IT security is evolving and solutions are becoming more sophisticated. To manage data at rest, choose a solution that discovers exposed customer data, including account information residing on shared file servers, web servers and desktops. Make sure the solution automatically quarantines or deletes this data.
It's just as important to prevent customer data leaving the network, for example, when an employee planning to work at home tries to send a customer data file to their Yahoo! mail account. Make sure you can block the transmission, unless the individual is authorised to do so.
Remember, data is your property. It is your responsibility to protect it and manage it well.