Data is the most precious asset a company has, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft.
What You Will Learn:
- What is data loss prevention? How to take care of your data security
- Main Components of DLP: A small glossary
- Data loss prevention software: why and how to choose
- Questions to ask potential vendors
Let’s start with a real-life experience. When working with an advertising agency, one of my colleagues sent an internal document with all invoices, including prices related to an essential client, to the their account manager’s email address. But unfortunately, instead of choosing the Company/Account she chose the client Company – and the client ended up with a ready-made argument on how to lower their fee. The colleague soon became an ex-colleague, and the client left the agency shortly afterward.
Even though this scenario may seem like an exaggeration, these kind of mistakes happen in every company. Furthermore, they are compounded by malicious intent, such as a disgruntled employee stealing a client’s database to sell to acompetitor, or a contractor downloading a list of every transaction made.
What is Data loss prevention? How to take care of your data security
Data loss prevention (DLP) is simply a process of securing your sensitive data from being lost, accessed by unauthorized persons, or misused. This process usually uses a tool, such as DLP software and platform, to classify data and determine what to protect, and actual protection of that data by implementing/enforcing security policies.
This approach is not only in the company's business interest, but also legally required by regulations such as GDPR, HIPAA and PCI-DSS. And of course, this process needs to be embedded into company processes and data handling. Every company to some extent, needs to resolve the following issues:
- The protection of intellectual property and trade secrets is vital for your organization's financial results and your brand reputation.
- Regulatory compliance to ensure the compliance with information protection security acts, to detect and prevent regulatory violation.
- Insight into your organization effectivity to optimize internal processes and resources, such as hardware or software use.
The Main Components of DLP: A short glossary
Let's take a look at DLP and what you need to take into account when setting up this process. This will come in handy when discussing the uses and advantages of specific data loss prevention software.
The most important asset is data.
The most important asset is data.
- Data at rest: data stored in archives and databases that is not actively accessed or processed.
- Data at motion: data in transit or in flight that is moved from one location to another, i.e., by copying or downloading. This transfer may happen within an organization network or outside it. Both types need to be protected and are most vulnerable to attack or threat.
- Data in use: active data that is currently being read, processed, updated or deleted by the system.
Data loss prevention software protects this data against some types of data incidents. These incidents may vary according to their intentionality (from mistakes to thefts) and with different levels of severity and extent.
- Data loss: event that results in data being deleted, corrupted, or made unavailable
- Data leakage/data leaks: unauthorised transmission of data
- Data breach: intentional or unintentional release of sensitive information
Even though the actual name "data loss prevention" implies that it prevents data loss, most software protects against data leakage and, in some scenarios, against data breaches. The term "data loss prevention" is used so widely, and has been for such a long time, it will probably remain the preferred way to describe a solution that makes it difficult for sensitive data to be leaked or misused outside a company.
These data issues can happen at endpoints, like on devices such as computers, mobile phones, tablets, or printers and USBs, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD.
These data issues can happen at endpoints, like on devices such as computers, mobile phones, tablets, or printers and USBs, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD.
The most critical process is determining the value of data, since not all data was created equal.
It is important to consider the following when determining the value of data:
- Data identification and classification simply means discovering where the data is and if it needs to be protected, and to what extent. This process may be manual, using rules and metadata, or semi-automatic using content & context classification and end-user classification. In the future, AI and ML could theoretically enable fully automated classification (but should still be subject to human control). Data classification is done using content and context.
- Content of the data: if a document contains credit card numbers or hospital patient information, it would be worth preventing it from being sent to persons outside the company or even unauthorized persons within an institution.
- Context of the data: where and when the information was created, where was it stored, and how it was changed.
- And finally, with all these components in place, you may be able to detect data leaks and/or prevent them. Detection means having the information after the fact (such as an alert that an employee sent a sensitive file outside the company). In contrast, prevention means making sure a leak doesn't happen (e.g., when attempting to upload a file to the internet, the upload is blocked).
Data loss is caused by internal and external actors.
"Next time we run a company, no employees." Chief data security officers would agree, since around half (from 40% to 60%, according to different sources) of data breaches are internal. They come from employees, contractors, and other actors connected to the company. What are the most common scenarios?
Mistakes: sharing sensitive data outside a company can happen in a blink: replying to all or sending to the wrong person. This unintentional or negligent data exposure constitutes the majority of data leaks.
Intentional disclosure of the information: an internal actor, such as an employee or a contractor, moves sensitive data outside the organization for their own benefit.
Use of incorrect software or process: uploading a client's file on a public repository, or using a public computer or wifi areexamples of another common problem. "Shadow IT", i.e., the use of unauthorized software and services, may be improved through employee training, but data loss prevention software can systematically solve this issue, like blocking data transfers to those services.
Theft or loss of devices: hybrid work results in the increased portability of company devices and therefore more occasions for loss or theft. You may remember the Secret service agent's stolen laptop that contained Hillary Clinton's emails. Or read our article about the risks of external devices.
Data loss prevention software: why and how to choose
DLP software identifies, detects, and protects an organization's sensitive data, whether they are at rest, in motion or in use on its different endpoints.
The main advantages of data loss prevention software are protecting a company’s reputation and upholding its business value by detecting or preventing data leaks. In the first case, it lets you take appropriate measures and mitigate incidents; in the second, it prevents incidents from even happening. In the wrong email address example, detection could mean determining that a sensitive document was sent to an unauthorised address; prevention would be not allowing the employee to send the material at all.
Another long-term benefit of these solutions is employee education. Because they are warned or notified of unauthorized data-related operations, they learn and internalize the correct way to manage sensitive. As demonstrated, the weakest link of every security solution is human. By educating employees, contractors, and other internal actors, a company can improve its data security in the long run. Some DLP platforms incorporate this already: a user can upload a sensitive file by justifying the action, knowing that everything is logged.
How to choose a DLP solution? First, you need to determine what legal frameworks apply to your company and what main scenarios you want to protect: audit and monitor your data, protect your data against insider threat or audit your company's use of resources.
Questions to ask potential vendors
- Does it cover the security scenarios of your organization?
- Is it sufficient for the size and complexity of your organization?
Your ideal vendor should work with you during each step to help you determine the extent of the solution you need, starting with a data management audit. Implementing data loss prevention does not stop with the choice of vendor and setting up the software. Even though it is usually the IT department who runs this initiative, all employees should be aware of the process and educated about the use of the selected software and correct data-related behavior.
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management.
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management.
Your data is your most important asset – protect it accordingly.
Data loss prevention software helps not only protect company sensitive data against insider threat and loss but also helps to future-proof your organization when it comes to business continuity, reputation, and knowledge management. It is an important part of data-driven decision-making, helping you prevent or resolve data-related incidents and educate employees about the necessity of treating data as the most critical business asset.
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using antimalware and firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using antimalware and firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.
Why Safetica
Learn how can Safetica meet company sensitive data protection and operation audit goals.
Author
Dita Eckhardtova
Next articles
Data security
Blog articles
Data security
Blog articles
Australian Privacy Principles: The Scope, Purpose, and How to Comply
The 13 Australian Privacy Principles (APPs) are the cornerstone of the country’s privacy protection framework under the Privacy Act 1988 and regulate the collection, usage, and disclosure of personal data, applying to both government and private sector organizations within Australia.
Data security
Blog articles