There are few companies nowadays that do not keep digital records. Everything from accounting to marketing and basic communication happens on a computer and over the internet. This also means that every company, no matter its size, collects data.
Some of it, such as Personally Identifiable Information (PII) belonging to employees, customers, or stakeholders, is considered highly sensitive and protected by laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). In certain sectors, further specialized legislation exists such as the Payment Card Industry Data Security Standard (PCI DSS) in the case of financial data and the Health Insurance Portability and Accountability Act (HIPAA) for health records. For certain companies, the protection of intellectual property such as patents, proprietary algorithms, or media files, is also necessary for the success of their business operations.
Failure to protect sensitive information can come at a high cost: in 2020, the Ponemon Institute and IBM Security estimated in their Cost of a Data Breach Report that companies lost an average of $3.86 million per breach. The biggest contributor to data breach costs was lost business, with customer turnover increasing in the wake of security incidents. Companies must, therefore, implement data protection strategies to avoid the financial and reputational fallout of a data breach.
Cybersecurity strategies often focus on external security threats such as malware and phishing attacks that are addressed through firewalls and antivirus solutions. However, while these are vital security measures for the protection of critical data, they do not address insider threats and employee negligence, which account for 24% of all data breaches. This is the gap in data protection strategies filled by Data Loss Prevention (DLP) solutions.
Highly flexible and adaptable to any company size, DLP technology can be tailored to different needs and support compliance efforts with new data protection regulations such as GDPR, CCPA, or HIPAA and standards such as PCI DSS. DLP solutions prevent data leakage and data theft by helping organizations find, monitor, and control sensitive data in real time as it travels in and out of the company network.
But what are some of the best practices companies should adopt when implementing DLP tools? Here are our recommendations:
Identify and monitor sensitive data
Data protection begins with data classification and internal auditing. Companies must identify the type of sensitive data they collect, where it is being stored, and how it is being used by employees. Data loss prevention software comes with predefined profiles for sensitive data while also allowing companies to define new profiles based on their own needs.
By turning on data monitoring, companies can find out how data flows within and outside their network. It can help them discover vulnerabilities in data handling and bad security practices among employees. They can thus take more informed cost-effective decisions when developing their data protection strategies and provide more effective training for their employees.
Implement a cross-platform DLP solution
Due to the rising popularity of Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD) policies, many company networks are no longer running on a single operating system. macOS and Linux are slowly catching up with Windows, and organizations should not ignore them when choosing their DLP tools. After all, while devices running macOS or Linux might be considered at lower risk from an external attack than those using Windows due to their architecture, human error affects them all equally.
Cross-platform DLP software like Endpoint Protector offers feature parity between Windows, macOS, and Linux which means that sensitive data will have the same level of protection regardless of the operating system a computer is running on. It also allows for all endpoints on the company network to be controlled from the same dashboard.
Set up policies and test them
To control the sensitive data they identify, DLP tools offer companies a wide array of pre-configured rules and security policies that can be enforced across the corporate network. These can block confidential information like credit card numbers, social security numbers, or other personal data from being transferred via potentially insecure channels such as messaging apps, file-sharing, or cloud storage services.
They can also limit who sensitive data is sent to by email. When it comes to data at rest, DLP solutions allow companies to take remediation actions and delete or encrypt sensitive data when it is found on unauthorized computers.
It is important for companies not only to set up these policies and choose which best fit their needs, but also to test them to confirm that they protect data effectively and produce the desired results. These policies are usually customizable, so organizations have the opportunity to improve them based on test results.
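To make the content-inspection side of the "predefined profiles" and "policies" described above concrete, here is a small added example (not Endpoint Protector's code or the article's own) of how a DLP policy engine classifies outbound text and decides whether to block a transfer based on the channel and the sender's group. The data profiles (a Luhn-validated card number and a US SSN pattern), the channel names, the group names and the sample messages are all constructed for illustration.

```python
import re

# Constructed policy: for each data class, channels on which it is blocked,
# and the user groups that may still send it (see "levels of authorization").
POLICY = {
    "credit_card": {
        "block_channels": {"messaging", "cloud_storage", "file_share"},
        "allowed_groups": {"finance"},
    },
    "us_ssn": {
        "block_channels": {"messaging", "cloud_storage", "file_share", "email"},
        "allowed_groups": {"hr"},
    },
}

# 13-19 digits, optionally separated by spaces or dashes (candidate card numbers).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# AAA-GG-SSSS with the area/group/serial values the SSA never issues excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the set of sensitive data classes detected in the text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("credit_card")
    if SSN_RE.search(text):
        found.add("us_ssn")
    return found


def evaluate(text: str, channel: str, user_group: str):
    """Apply POLICY: block only when a detected class is restricted on this
    channel and the sender's group is not authorised for that class."""
    classes = classify(text)
    blocked = {c for c in classes
               if channel in POLICY[c]["block_channels"]
               and user_group not in POLICY[c]["allowed_groups"]}
    return ("block" if blocked else "allow", sorted(classes), sorted(blocked))
```

Running `evaluate` against the same message for a sales user and a finance user shows why policies must be tested with realistic samples: a valid test card number is blocked for the former and allowed for the latter, while an order reference that fails the Luhn check is never flagged.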
Set different levels of authorization
Access to sensitive data and its use should be limited depending on an employee’s duties and the group they belong to. DLP tools allow admins to set up different levels of authorization for end users across a company network based on individual users, devices, groups, or departments.
In this way, companies can ensure that employees who do not normally work with sensitive data have limited or no access to it, without hindering the work of individuals who deal with it on a day-to-day basis.
Set up a remote work policy for DLP
The COVID-19 pandemic has shown companies everywhere that they need to be prepared to take their business remote in case of emergencies. However, many organizations invested heavily in securing the corporate network itself, which offers no protection once a computer is taken home, leaving the sensitive data stored on it vulnerable to security threats and data leaks.
It is therefore important for companies to set up a remote work policy that includes endpoint DLP tools that work outside the company network, whether a device is online or offline, so data is continually protected no matter where a company computer is physically located.
Educate employees on DLP and data security
Finally, it’s vital that employees understand the need for a DLP strategy, the importance of information security, and the consequences of a data breach. Companies can use the results of DLP data monitoring to design training that addresses the blind spots in employees’ data security practices.
By offering relevant examples they come across in their daily tasks, organizations can raise awareness of bad practices and help employees correct them by offering them clear instructions on how to act in these situations.
An understanding of the usefulness of DLP strategies can also prevent employees from attempting to circumvent policies and instead report any problems they may be experiencing to admins who can then tweak DLP policies for higher overall efficiency.
Frequently Asked Questions
DLP solutions help organizations address internal threats and compliance with data protection legislation. While many think of cyberattacks as the primary cause of data breaches, according to the Cost of a Data Breach Report 2020 released by IBM and the Ponemon Institute, employees themselves, through simple human error, account for 23% of all data breaches. Employees are also responsible for 24% of malicious attacks: 7% intentionally initiate an attack and a further 17% fall victim to phishing and social engineering attacks.
A new wave of data protection legislation, spearheaded by the EU’s General Data Protection Regulation (GDPR), has made companies liable in the eyes of the law for the protection of sensitive data. These laws have also granted data subjects new rights, such as the right to be forgotten and the right to correct data collected about them, which means companies must be able to identify and modify or delete sensitive data across their entire company network or risk non-compliance. Failure to protect sensitive data or to allow data subjects to exercise their rights can lead to heavy penalties. In the case of GDPR, organizations found to be violating its core principles can be fined up to €20 million (roughly $24 million) or 4% of their annual worldwide turnover, whichever is higher.