Guest OpEd by Gilad David Maayan, CEO and Founder of Agile SEO
Data Loss Prevention (DLP) enables organizations to protect data against a wide range of losses, including theft, deletion, and modification.
Typically, organizations create a DLP strategy, according to specific needs and requirements and then choose relevant DLP tools. This article examines four DLP strategies and three DLP practices that any organization can leverage to avoid data loss.
What Is Data Loss Prevention (DLP)?
DLP is a set of practices used to protect against data loss, theft, or illegitimate modification. It is meant to ensure that data remains available to users while keeping the privacy and integrity of data protected.
DLP strategies are employed by organizations to secure sensitive or private information, meet compliance regulations, increase data visibility, and to protect business interests and customers.
The following factors drive adoption of DLP strategies:
Expansion and strengthening of privacy regulations
Increase of data breaches and customer awareness of data privacy
Increased accessibility of data created by cloud resources
Increase in the types and quantity of data stored digitally vs in analog
Causes of Data Loss
An organization can lose data in many ways, including the following:
Viruses and malware—attackers can use viruses or malware to gain entry to systems for data theft, corrupt data, or encrypt data for ransom.
Power failures—power surges or outages can damage hardware or cause unsaved data to be lost. Additionally, power failures affecting resources with security tooling can leave data unprotected.
Social engineering—attackers trick users into providing sensitive data or credentials by posing as a trusted source. This is often done in emails or by redirecting users to false sites.
Insider threats—including theft or destruction of data by employees, contractors, or attackers using compromised credentials. Threats can also involve loss or modification caused accidentally due to human or software errors.
4 Data Loss Prevention Strategies
When implementing data loss prevention, several strategies should be a part of every organizations’ practices.
These strategies can help you ensure that no data is overlooked, that data is appropriately protected, and that you can successfully monitor the status of your data.
Identify and classify sensitive data
You cannot sufficiently protect your data if you don’t know what you have or where it is stored.
To implement DLP successfully, you need to first create an inventory of your data. You can ID and classify data manually or with the help of automated data discovery tools.
For this inventory, you need to determine where data is stored, how much harm would be done if it was lost, what regulations apply to data, and who or what has access to data.
With this information, you can classify data and assign it to an appropriate level of protection.
Define remote work policies
The rising demand for remote work has caused many organizations to adopt bring your own device (BYOD) policies. These policies enable employees to use a range of personal devices, many of which operate on different platforms and may be used on insecure networks.
Ensuring that your data remains protected requires adopting tools and policies that enable you to monitor and manage how these devices access data.
You may not be able to directly oversee BYOD devices, however, you can monitor how data is transferred to and from devices.
You can also create policies that hold employees accountable for ensuring that devices are properly encrypted and protected with security measures.
Control endpoint connections
Endpoints are the gateways to your systems and are frequent points of attack. If a criminal can compromise one of your endpoints they can gain access to your resources and your data.
To prevent this, you should carefully monitor endpoints and ensure that your devices are properly secured.
Make sure that endpoints require authentication and authorization before access is granted and that any data transferred is done so with encryption. You should also disable any unused ports on endpoint devices to prevent unwanted connections.
Finally, consider applying whitelisting or blacklisting to connections. Blacklisting can prevent known malicious connections while whitelisting can ensure that only trusted connections are allowed.
(Hear from George Dullege Chief Technology Officer for JENERI IT explaining how SolarWinds EDR (Endpoint Detection & Response) is more effective in keeping his customers secure than traditional antivirus. Courtesy of SolarWinds and YouTube. Posted on Aug 20, 2020.)
Set different levels of authorization
When creating access policies for your data, be mindful of who or what you are granting access to and what level of permissions are included.
You want to provide users and applications with as few privileges as possible without restricting productivity. This means only allowing access to needed data and limiting how data can be modified, copied, or shared.
Additionally, when creating policies, try to define permissions according to user roles. This enables you to ensure that permissions are assigned uniformly and makes it easier to update permissions as needed.
3 Best Practices for Implementing a DLP
When implementing your DLP strategy there are several best practices that can help you ensure your policies are effective and sustainable.
Roll out in phases
When getting started, avoid the temptation to deny any and all access to your assets. Doing so has negative effects on your staff’s productivity and is more likely to lead to unnecessary access as IT teams struggle to keep up with access requests.
A better strategy is to start with your most sensitive assets. After determining how access should be restricted you can begin implementing rules and permissions.
Then, take the time to verify that your policies are functioning as expected. This may require multiple refinements. Once you are sure that your policies are sound, you can move on to your next most critical assets.
(SolarWinds Access Rights Manager (ARM) helps IT and Security Admins meet compliance requirements with centralized provisioning, deprovisioning, management, and audit of user permissions and access to systems, data, and files while protecting their organizations from internal security breaches. Courtesy of SolarWinds and YouTube. Posted on Jul 7, 2020.)
Carefully classify data
Your DLP strategies should be based on how your data is classified. For this basis to be reliable, you should ensure that classifications are clear and accurate.
Classification attributes should account for who is using data, which systems require access, what assets contain (i.e. employee data vs financial data), and any relevant regulations.
Classifications should also make sense in terms of the functionality of your data. For example, you may not want to spend time individually classifying in archives.
However, if classifications can also help you with reporting and optimization of storage, it may be worth the effort.
Establish clear policies from the start
Establishing clear policies includes policies for access, management, and incident response. You should clearly outline who can access data and who is responsible for managing and verifying access.
Policies should also clearly state how frequently access is audited or regulations are verified.
Additionally, in the event of an incident, you need to have defined roles, responsibilities, and procedures. Without well defined policies, you cannot uniformly implement protections.
It is also difficult to manage accountability should something be changed or overlooked.
There are many causes that may lead to data loss, but the most common are viruses and malware, power failures, social engineering, and insider threats.
Since attackers often target corporate trade secrets or private and financial information, loss of this data may result in devastating consequences.
To avoid losses, organizations can choose from a wide variety of DLP strategies and best practices. However, the seven strategies examined in this article are often considered the most rudimentary.
Defining remote work policies is an especially critical strategy, considering the current increase in remote work. Once you set up your policies, you should enforce them using different levels of authorization, and then continuously monitor endpoints.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
Today he heads Agile SEO, a leading marketing agency in the technology industry.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos