Data Loss Prevention or DLP is the practice and usage of tools, technologies, and processes to detect and prevent data breaches and to ensure that sensitive data is not misplaced. This practice is to ensure that data is not lost or leaked illicitly outside of the organizational boundaries. Common data loss prevention processes and practices include alert systems, encryptions, filtering data streams, monitoring cloud data, monitoring and controlling endpoint devices activities. Data loss prevention practices also include reporting for legal liability protection, compliance, and auditing requirements.
Data loss prevention is important to ensure that intellectual property is protected and that data is not accessed by unauthorized users and maliciously used. Both internal and external users can be negligent or malicious to your organization. With data loss prevention practices in place, an organization can prevent data breaches which in turn protect valuable and sensitive information. Data loss prevention is also essential to be compliant with many legislations and regulations regarding sensitive data within an organization. Those who violate these legislations and regulations are subject to harsh fines and legal liabilities that could obstruct the daily operations of a business or even cause a business to go bankrupt. Depending on the industry and region(s) a business operates in, there are different legislations and requirements that govern the protection and use of a business’ and its customers’ or patients’ data.
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected.
These vulnerabilities need to be addressed as part of any insider threat management program. Click here to learn the best practices for protecting data during a termination and gain access to a downloadable IT offboarding checklist.
There are many data loss related incidents from different industries that cost organizations millions of dollars, thus it is critical for organizations to protect their data both internally and externally. Some examples of organizations that experienced data breaches are the Korean Credit Bureau, Sage, and Waymo. The Korea Credit Bureau had the personal information of 20 million citizens stolen due to the negligent use of portable storage devices by an internal employee. Sage, a UK accounting and payroll company, experienced a similar event where an employee stole personal information to use for fraudulent purposes. Waymo also experienced an internal data breach where an employee attempted to sell Waymo’s intellectual property on autonomous vehicles to one of their competitors called Uber. Data breaches have become quite common, in fact, during the year 2018 over 1200 breaches and over 440 million records have been exposed in the United States alone. Organizations can prevent data breaches using data loss prevention practices and tools that enhance the security of their data.
Regulated data include but are not limited to, personally identifiable information (PII), protected health information (PHI), payment card information (PCI) and more. Councils and legislations regulate organizations that collect and store sensitive data such as the ones mentioned above. Examples of regulations and legislations that govern the way data is handled within an organization include Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR). Data loss prevention practices can ensure an organization to be compliant with these regulations and protect the organization from fines and legal liabilities.
In order for an organization to protect itself from data breaches, compliance policy fines, and legal liabilities, an organization must exercise data loss prevention practices. Here are some of the preliminary parameters an organization should define before considering data loss prevention solutions.
Type of Data being retrieved and stored: Before considering data loss prevention solutions, an organization must determine the content of the information they are handling to decide whether their data needs to be protected. Examples of data that require protection include intellectual property, financial data, trade secrets, PII, PHI and PCI. Knowing the type of data being handled will determine whether an organization’s information can be used maliciously or whether the organization is subject to any compliance policies, regulations, and liabilities.
Where is the Data being stored: To implement data loss prevention solutions and to protect the data being handled, it is important to know where the data is residing. An organization’s data can be stored both internally and externally, it is important to identify the exact storage location of all sensitive information. Storage locations on-premise include databases, workstations, network drives, servers, and more. Examples of external storage include mobile devices (tablets, laptops, smartphones), portable storage devices (USB drives, external hard drives), file-hosting/cloud services (Dropbox, Google Drive, Onedrive), email, instant messaging channels.
Who is Accessing the Data: It is good practice to identify who has the authority to access the sensitive data and who is accessing data on a regular basis. Knowing exactly who, when, and where someone is handling the data will give an organization a better understanding of how to better protect their data internally from negligent or malicious employees. A few ways an organization can implement data loss prevention practices on its employees is through training and limiting activity or access. In the event that an internal data breach occurs, an organization can investigate and take action on the incident more effectively.
Data Breach Recovery Plan: When your data has been compromised, corrective action must be taken. Having a data breach recovery plan in place is one of the most important data loss prevention practices that can help reduce the impact of a data breach and increase the chances of eliminating the threat entirely. Here are some of the common steps in a data breach recovery plan.
When an organization has been attacked one of their first actions is to halt and freeze all operations in the organization to prevent the attack from spreading and impacting other areas. This can also help investigate the origin of the breach by eliminating the noise from daily operations.
The next typical step would be to ensure that all auditing and logging systems are still running for investigative purposes and to determine if it has been disabled by a malicious user.
Another common action to take when there has been a data breach is to lock or change all credentials of all accounts involved with the data to prevent negligent/malicious users from doing further damage.
Once the data breach impact has been mitigated the next step is to take investigative action. Firstly, the impact must be assessed in terms of what information was maliciously accessed and what databases or systems were compromised. Next is to investigate how the breach happened. Which accounts or credentials were used, what devices were connected to the network, did an employee act negligently with an unencrypted company device.
After the data breach investigation is complete, a solution to remedy and eliminate the breach is needed. This solution depends on the cause of the data breach and can include software updates, configuring firewalls, increasing information security, decommissioning a company device and more.
One tool that is useful for implementing data loss prevention practices in your organization is CurrentWare’s AccessPatrol. This software helps to prevent the loss of intellectual property and other types of sensitive data by monitoring and controlling all endpoint device connections in all computers within your organization. The tool is designed to provide your organization with technology that can detect and restrict endpoint connections and endpoint activities on a computer or a user basis. AccessPatrol is a great data loss prevention solution for preventing the theft of data from malicious users and reducing the risk of negligence. By restricting unauthorized endpoint devices, AccessPatrol prevents malicious users from stealing sensitive information or upload malware onto your network. It is also great for data breach investigation with its auditing and logging reports functionality.
Another data loss prevention tool is BrowseControl with its web filtering functionality. BrowseControl can block access to unauthorized malicious websites within your network. Additionally, BrowseControl is capable of restricting access to file-hosting, webmail services and email applications such as Google Drive, One Drive, Dropbox, Gmail, Outlook and more. Blocking access to these services can prevent users in your network from uploading and sharing sensitive information from your organization to their personal external storage. BrowseControl adds another layer of security for your organization and data loss prevention practices by restricting your users from accessing harmful websites and storing sensitive data outside of the organization.
Try out these Data Loss Prevention tools AccessPatrol and BrowseControl for free for 14 days