The advent of global online streaming services such as Netflix and Amazon Prime have boosted media productions across the world. Original content is being created for the platforms not only in the US, but in places as wide apart as Japan, Nigeria, and Colombia. This has meant more business for media companies and their supply chains, but also a higher likelihood of leaks and data loss.
Sony was the first major studio to suffer a disastrous data breach. In 2014, cybercriminals stole the personal information of Sony Pictures employees and their families, confidential e-mails, copies of then-unreleased Sony films, movie scripts, and more. They also wiped Sony’s computer infrastructure using malware. Breaches that affected Disney, HBO, and Netflix soon followed.
While big motion picture studios seem like an obvious target for malicious outsiders, due to their size and resources, they typically benefit from up to date security practices and well-funded cybersecurity departments. However, their supply chains often include smaller companies such as those specializing in post-production and visual effects. For big streaming platforms like Netflix, when they commission content in multiple countries, they work with national studios and production companies. All these organizations have direct access to valuable content, but rarely employ data security experts in-house and therefore are easier targets for cyberattacks.
Media companies of all sizes can benefit from Data Loss Prevention (DLP) solutions. While DLP is often talked about in the context of sensitive data as defined by data protection legislation, e.g. personally identifiable information (PII), they can also help media organizations secure data deemed valuable within their own industry.
Customizable sensitive data policies
Media companies must also comply with data protection regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and protect the personal information of their employees and customers, but they must also protect data that is considered sensitive within their sector. Whether it’s digital assets, video and audio content, sensitive documents such as movie scripts or production details, media companies must safeguard data in order to ensure that they do not lose money or the trust of their clients through leaked content.
DLP solutions come with predefined profiles for sensitive data which include PII, but organizations can also create profiles that serve their specific needs. They can, for example, apply data protection policies based on file extensions they work with, such as video, graphics, or audio files. They can also add keywords that, if found in documents or files, would immediately flag the content as sensitive. By creating these specialized data protection profiles, media companies can control and monitor the transfer and use of confidential data.
Identifying weak links
One of the key aspects of DLP policies is that they not only ensure that sensitive data does not leave the company network, but they also flag any attempt to violate data protection policies, informing companies of who tried to do what, when. This makes it easy for media organizations to identify weak links in their security policies and individuals who may require data security training.
Employees are often unaware they are not allowed to share certain content or feel the need to share it while trying to solve issues they come across. They can also use unauthorized third-party services while performing their duties. All these scenarios present a liability to media organizations. This is why it’s important to provide employees with adequate training. Through DLP solutions, companies can discover which individuals fail to follow data security best practices and which kind of situations can lead to an attempt to violate policies. In this way, training exercises can address specific real-world circumstances, helping employees to make informed decisions when they come across them while working.
While many data protection strategies focus on ensuring sensitive data is not transferred or stolen over the internet, they sometimes forget it is easy to simply connect a removable device to a computer and copy important files stored locally on hard drives. Especially in the media and entertainment sector, where large files often mean transferring them over the internet may be time-consuming or unfeasible, removable drives can be used to transfer data from one media company to another or between different teams working on the same project.
However, it’s important to ensure no outsiders have the same privileges or that employees are not tempted to use potentially infected or unsecure devices to execute physical data transfers. Through DLP solutions, media organizations can control the use of computers’ USB and peripheral ports, limiting the use of removable devices to secure company-issued devices or blocking their use altogether.
Protecting data on the move and at home
Like most industries, the media sector has also been hit by the COVID-19 pandemic which means that many employees have started working from home. From Disney to Sony Music and Universal, all the major industry players have allowed their office employees to work remotely. And it’s not just them: musicians are recording at home with remote support from producers and many graphic designers and visual artists are also working from home.
This makes the security of content hard to manage for media companies as they cannot control the physical or virtual security of home offices and studios. DLP solutions, however, when applied on the endpoint, can continue to work remotely, whether a computer is connected to a company network or the internet or not. In this way, companies can continue to ensure data is not being transferred over unauthorized channels and employees do not by-pass security policies while working in a home environment.
The media industry is one of the sectors where confidentiality and data security are key to ensuring business profitability, whether it’s through finished products or by building trust with clients requiring their services. By allowing companies to define sensitive data based on their needs and using the full extent of their features to protect it, DLP solutions give media organizations the power to protect what is most valuable for their business operations.
Explore More on Compliance
Interested in diving deeper into the world of Compliance? Check out these hand-picked resources to expand your knowledge:
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.