Every business has data in needs to keep confidential, and in many cases failing to do so will significantly impact the business. It could be a client list you don’t want your competitors to see. It could be personal data about your customers you are required to keep safe by data protection laws. It could the source code to and in-house application, a secret manufacturing process or some other trade secret.
Whatever your critical data is, you need to think carefully about how you protect it. Data loss prevention (DLP) technology could help.
Data loss prevention could be a simple as stopping emails with attachments, or as complex and Artificial Intelligent algorithms inspecting outgoing data for leaked information.
When putting together a DLP strategy you must identify all your information assets and consider all the paths information can take out of your IT systems (and out of your business), Files could be copied onto USB drives, uploaded to file sharing sites, or emailed as attachments. Strategies need to be developed to address these options (e.g. disabling USB access from company computers or blocking attachments of certain types).
Whatever technology you use, it is very difficult to stop any data loss without also impairing your employee’s ability to do their jobs. For that reason we recommend a range of measure to keep your data safe.
A combination of staff policies (so that staff know what is and is not allowed), technical controls (to stop most of the disclosures), and monitoring (so that staff know any breach will be detected) deliver the most effective data loss prevention strategy.
It is important that staff know they are not allowed to move certain data outside of the business. Making it a condition of employment that these policies are adhered to means a member of staff who does not follow them could face disciplinary action.
Be sure to regularly remind staff of this policy.
Technical controls can help with accidental disclosures, and will go some way to preventing deliberate disclosure, but a determined and knowledgeable person would likely be able to circumvent all but the most restrictive controls.
It is for these reasons we recommend they be used in conjunction with Staff Policies and Monitoring.
The real power of monitoring comes from Staff being aware it is happening. If you monitor your key information assets being accessed or copied, staff are much less likely to access or copy them without a legitimate reason.