Whether it is personal data, corporate secrets or "just" business contacts – when internal company data gets into the hands of outsiders, there are often grave consequences for business. Such information can reach competitors, and in some cases the public authorities might get involved in investigating data protection breaches. The loss of security within the company is significant, but the main impact is a loss of trust, which is usually difficult to restore.
The biggest challenge in data leakage prevention (DLP) is the fact that data is not simply lost or missing, but is diverted without any detectable change. Solutions that log which users access which data are therefore an important tool in pinpointing data leaks. They also help identify in-house data thieves; according to one corporate trust study, employees were responsible in 24% of all cases of unwanted information leakage.
To protect sensitive data, the first thing to do is determine what information will be stored where, and which employees have access. Critical information has no place on personal smartphones or in folders on computers that are accessible to everyone in the company. An effective basic security measure is access control using a centrally managed and regularly monitored authorization structure.
Employees who leak information are not always acting maliciously. Far too often they are the victims of scouts who pose as new colleagues on the telephone, or who ask for information under false pretenses in the name of a research institute. Training is therefore another essential feature of a trust management strategy, as knowledge of even the most basic threats is often lacking and Trojan-horse gifts such as infected USB drives continue to find their way into company networks.
Another chronically underestimated problem is decommissioned hardware. Hard drives that are nominally "erased" still contain data that can easily be recovered by specialists. Here, specialized data deletion software or degaussers can significantly increase security.
An integrated security strategy must cover employees to the same extent as all of the devices, and throughout their life cycles. IT still has a great deal of trust-building to do on the way to the Internet of Things. Public sensitivity to data security is higher than in any other area.