The recent spate of high profile data losses aptly demonstrates the many ways in which data can go astray and reinforces the need to have every potential leakage point protected. Whether it is Wikileak-style insider activity, cyber-attacks from external hackers or careless unintentional loss of discs containing sensitive information, organisations need to have robust security policies in place along with measures to ensure that those policies are actively managed and enforced.

The threats are many and diverse, so organisations need to constantly review their policies, defences and controls, and to perform regular risk assessments to identify where there is potential for data loss and where additional protection needs to be put in place.

The recent Morgan Stanley case specifically highlights the need for a policy governing the transfer of information, including monitoring and controlling the transit of sensitive data. Best practice dictates that this should include a policy and process to limit which staff are authorised to handle and copy sensitive data onto removable storage devices, and the deployment of technology to monitor such copying to ensure that data is encrypted to the required standards.

The Morgan Stanley scenario also underlines the importance of user education and getting staff to treat company data with the same respect that they have for their own personal data. Empowering staff with information goes hand in hand with an understanding that they have an important part to play in protecting the organisation and its clients from the threat of data loss.