Data loss prevention (DLP) is an important topic to confront in an age of constant and growing threats to cybersecurity. Fortunately, with the right focus on data and the right approach to managing data and helping people to manage data, DLP initiatives have the potential to make very real improvements.
Here are 6 tips to help you get started.
1. Prioritize your data
The first step to good data loss prevention is understanding that not all data are created equal. Some data will cause a bigger problem than others if stolen, which is well worth keeping in mind in light of ransomware threats.
Let us say you are a manufacturing company. What data should you prioritize? One obvious example is intellectual property, i.e. design documents. If you have design documents for future products that have not yet been released, protecting those should probably be your highest priority.
Now consider a retailer or a financial service company. Payment card industry (PCI) data are obvious candidates for prioritization. Healthcare companies should prioritize medical records.
Once you have a clear idea of what your most important data are, you’ll have a good sense of how to prioritize.
2. Categorize/classify your data
Now that you have prioritized your data, it is time to classify them as well. One good way to classify your data is by context: think of source applications, data stores, or users who created the data.
If you apply persistent classification tags based on one of these contexts, you’ll be better able to track the use of your data.
3. Understand when data are at risk
Different types of data may be at risk at different times and in different ways. When data are at rest, encryption and network-based security controls may be enough to secure them.
When data are distributed to user devices or shared with your partners, customers, and so on, different risks come into play. In all of these cases, the greatest risks to data are often at the moment of use on endpoints.
For example, if you attach data to an email or move them to a removable storage device, you will need to account for the mobility of the data as well as the moments when data are put at risk.
4. Monitor movement of your data
Monitoring movement of your data is important for understanding how they are used, and what existing behaviors may put them at risk at particular times.
If you do not have this knowledge, your organization will not be well-equipped to develop appropriate policies to mitigate risk of data loss while protecting appropriate uses of data.
This is why it is so important to monitor all data use: it will help you to determine what is happening to your sensitive data and determine what issues your DLP strategy must address.
5. Communicate/develop controls
Your monitoring of the use of data will pay off as you gain new metrics about how people are using data, and how their behavior does or does not put those data at risk. Your next step is to figure out why this is happening and rectify the situation by creating controls on data use that will reduce the risk.
At the beginning of an initiative, you may want to start with simple controls. This will keep things relatively easy while you are working on improving the situation. It is also good to target the riskiest behaviors first.
Organizations are made of people, and people are complex. It is best to focus on a few things first and wait until everyone has mastered them and is on the same page before pushing anything else.
6. Train and guide employees in DLP
People need training, guidance, and support to do their jobs well. Make sure that your communication includes that focus so that your employees are equipped to do their jobs well.
The point of communication and controls, after all, should be to help people understand the role they play in DLP. Their actions are important because they either keep data secure or expose them to risk. The better trained and guided they are, the more they will understand this and act accordingly.
Data loss prevention is fundamentally about understanding the risks to your data and managing your data and your organization accordingly. By prioritizing data, you will know which data to focus on the most. By categorizing, you will have a good way to organize them.
Then you can focus on when they are at risk, monitor their movement, and train your people and help them to understand how they can contribute to DLP. With the 6 tips provided here, you should be off to a good start.