The reason we implement a DLP plan is to ensure customer data is protected from cyber criminals. If a customer’s data is breached, that customers trust in the company could be diminished to a point where they take their business elsewhere. There could be additional financial losses too, like fines, lawsuits or even loss of lucrative IP and trade secrets.
Essentials for Data Loss Prevention Planning
There are three kinds of data that must be protected when constructing a DLP plan. Encryption, Password Protection and Data Masking are effective protection measures, but there are additional ways to ensure your information remains safe for each.
Data at Rest
Computer data spends most of its life “at rest.” This is any data that is not being transmitted or acted upon at a particular moment in time and is stored on hardware like databases, file servers, and backup drives. Encryption, password protection and data masking are effective protection measures, but a good DLP solution will be able to monitor all file storage locations for inappropriate behaviour, and help prevent practices like copying files to a USB drive. Do you have third party vendors that are privy to your sensitive information? If so, review and scrutinize their security measures and DLP plans to ensure that your data is being handled properly and safely.
Data in Motion
This data is moving through the network both in and outside the business. It is important to encrypt the network channel itself, as this will help protect the data being transmitted. A good solution will prevent unauthorized transfers of data, such as sensitive files being emailed through public webmail services like Yahoo. Also, be sure your network security software is updated with the latest available patches.
Data in Use
This is data that can be accessed on end-user devices, like a workstation, tablet or a smartphone. Keep an inventory of all of the mobile devices you use in your business. Create, enforce, review and update a BYOD (Bring your own device to work policy) Policy for your organization. Having a content security application installed on end-user devices will ensure that the policies are not violated, even when the device is used on outside networks.
Above all, the most effective way to prevent data loss is to educate employees on the importance of the issue. Instrumental to the success of any data loss protection plan is an employee’s comprehension of the risks and their ability to conform to the policies stipulated by the business.