Data Loss Prevention (DLP) is a key Data Protection strategy to prevent sensitive data being sent outside the corporate network. Whether intentional or unintentional, any sort of ‘data leakage’ has the potential to cause financial loss damage to reputation, financial loss as well as regulatory fines.
As such preventing data leakage should be part of all large enterprise Information Security Strategy. Ensuring that the right DLP tool is used for the right reasons will ensure a cost efficient implementation resulting in great return on investment in the years to come.
Most DLP tools prevent data from being leaked by deploying DLP policies to prevent emails which breach the policy from being sent outside the corporate network.
At a very basic level, sensitive data usually means Internal, Confidential, Private or Secret data, and each department within an organisation would need to define their ‘sensitive data’.
By engaging the business we would seek to determine the each department’s sensitive data. These could be documents such as excel rate calculation templates, minutes of board meetings, client powerpoint presentations. For such documents a Whitecode (random alpha-numeric string) would be provided so that it could be embedded into the document. A WC policy would be created in the DLP tool which would contain the same WC as provided to the department. The policy will only trigger if a document containing the WC was sent externally.
The business may also want certain keywords in the contents of the email to be caught by the DLP system. Keywords such as ‘redundancy’ and ‘headcount’ or ‘bonus’ or ‘Exco’ and ‘Board Meeting Minutes’. Keyword policies would be developed to stop emails containing the keywords from leaving the organisation. The use of the keywords may need to be tweaked over time to ensure false positives are a minimal.
The policies will trigger if any of the DLP policies are breached. The DLP tools have ability to Monitor, Quarantine or Block the emails from going out. This would be based the departments risk appetite for each of their datasets.
Our consultants have had excellent experience in the DLP space. We have project managers who have implemented DLP solutions at large banks. We have senior business analysts who have worked on site to provide a tailored DLP solution to meet specific business workflow requirements. We have provided a post implementation ‘managed service’ and then handed over to the BAU service delivery team when the headcount was right.
When it comes to Data Loss Prevention, real hands on experience allows our teams to hit ground running. For more information on how we can help you protect your company and your customers data then contact us here.