Download our FREE whitepaper on data loss prevention best practices. Download Now

5 Ways Large Enterprises Protect their Data

Data protection has become an essential part of all business strategies, no matter the company’s size. In many countries, it has become a legal obligation. Data protection legislation such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regulate the collection, processing and storage of personally identifiable information (PII) such as names, addresses and phone numbers and grant several rights to data subjects.

The global average cost of a data breach reached $4.24 million in 2021, according to the Cost of a Data Breach Report 2021 released by IBM and the Ponemon Institute, a 10% increase from the previous year. The jump in cost was associated with increased regulatory fines but also the impact of remote work during the pandemic.

Hackers have also evolved the way they execute cyberattacks. Nowadays, it’s easier to use phishing and social engineering attacks to infiltrate a network and spread malware and ransomware. Identity theft or tricking employees into revealing credentials, or clicking an infected link or attachment is all cybercriminals need to gain access to a work laptop. Once inside, they can easily infect the entire network.

Big companies are, in many cases, way ahead in the data protection game, having already built their security policies and tested them for the last few years. However, their requirements are also more complex. Many of them need to protect other categories of data beyond customer information, such as intellectual property and financial data. Let’s look at the most successful ways to protect data in an organization and ensure corporate data security.

1. Advanced protection against external threats

To address external security threats, big companies deploy and regularly update basic measures such as two-factor authentication, firewalls and antimalware solutions. They also go further by implementing more advanced strategies such as Trusted Platform Module (TPM) capabilities and adopting Zero Trust architecture.

Zero Trust architecture proposes a new way of tackling cybersecurity: never trust, always verify. It ensures that users, devices, and network traffic are all verified and subject to least-privilege rules when accessing trusted resources. In this way, if one computer becomes infected, attackers are prevented from moving laterally across the network.

2. Knowing where data is and where it’s going

One of the most crucial steps towards efficient data protection is knowing exactly which data is being stored and where. By accurately identifying their data lifecycle and the security risks associated with it, companies can make informed decisions concerning the measures they need to protect it.

Large organizations use Data Loss Prevention tools such as Endpoint Protector to scan company networks for sensitive data. When finding it in unauthorized locations, they have the option of deleting or encrypting it. In the age of data protection regulations, transparency is key both for compliance and for building effective data protection policies.

3. The use of encryption across the board

From encrypted hard drives, USBs, and smartphones to data encrypted prior to its transfer to the cloud or onto portable devices, encryption has become essential to protect sensitive company data and secure customer data.

Encryption tackles two common data protection vulnerabilities in today’s global economy: a workforce constantly on the move and the rise of remote work. With devices frequently leaving the safety of company networks, encryption ensures that, in case of theft or loss, the sensitive data they contain is inaccessible to outsiders.

4. Educating employees at all levels

The human factor is often the biggest vulnerability in the data protection chain. Large corporations ensure employees are informed of compliance regulations and best security practices, providing them with both training and clear guidelines for those coming into contact with the most sensitive data types.

C-level executives are frequently targeted by malicious outsiders due to their high-level access to data. Big companies take special care that higher management does not circumvent the rules as it is essential that the same level of data security is maintained across the board, not only horizontally but also vertically.

DLP solutions can act as an effective method of enforcement by setting clear policies that protect and restrict access to sensitive data. Levels of access to data can be controlled based on groups, departments, specific users or endpoints.

5. Creating BYOD policies

As companies embrace Bring-your-own-device (BYOD) policies that increase productivity and reduce costs, they often ignore their security implications. Accessing sensitive information on personal devices means that data is travelling outside the confines of the company network, effectively rendering any security measures taken to protect it moot.

Big organizations restrict the sort of data that can be transferred outside company devices. At the same time, device control policies can be applied, which ensure that only devices that meet a certain level of security are trusted. In this way, employees are given the option of aligning the security of their personal devices to the level required within the company. If they choose not to apply them, it guarantees that no sensitive data is allowed to be transferred to them.

As we move forward into the age of data protection by design and by default, mid-sized and small businesses must follow in the footsteps of larger companies and adopt security plans to protect data from insider and outsider threats.

 

Frequently Asked Questions

What are some steps to build a solid foundation for data protection?
There are a few basic steps organizations can take to build a solid foundation for data protection: define your sensitive data, establish data protection policies, employee training, use specialized software to protect your data.

Read more on how to protect your sensitive data.

What is and how to protect data in motion?
Data in motion, also referred to as data in transit, is digital information that is transferred between locations either within or between computer systems. It can be data sent from desktop to cloud, portable devices or other exit points. Once the data arrives at its final destination, it becomes data at rest. In order to avoid data breaches, you need to: identify critical assets and vulnerabilities, define security framework for data, and implement technologies and processes.

Read more on how to protect data in motion.

What is and how to protect data at rest?
Data at rest is static data stored on hard drives that is archived or not often accessed or modified. Usually, conventional antivirus software and firewalls are used to protect data at rest. However, these do not guarantee safety from phishing attacks for example that can target specific individuals, corrupt one workstation and then proceed to attack the rest of the network. Solutions such as Endpoint Protector, through its eDiscovery module, can scan data at rest stored on employees’ endpoints for sensitive data based on predefined or custom content, file name or particular compliance profiles. Based on the results, it can then encrypt or delete the data to protect from potential breaches.

Read more on how to protect data in motion.

Why adopt a DLP solution?
Data Loss Prevention (DLP) solutions help companies to safeguard valuable business information such as customer data or intellectual property, as well as minimize the risk of a data breach which can lead to economic losses, reputational risk, or legal problems. Organizations adopting a DLP tool can ensure protection against both malicious and negligent insider threats, as well as meet the compliance requirements of data protection regulations such as the GDPR, PCI DSS, HIPAA, or CCPA.

Read more on top reasons to deploy and endpoint DLP.

explainer-c_learning

Download our free ebook on
Data Loss Prevention Best Practices

Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.

In this article:

    Request Demo
    * Your privacy is important to us. Check out our Privacy Policy for more information.