As cyberattacks and data threats increase, protecting sensitive information becomes ever more critical. DLP security software helps prevent breaches by monitoring file-based data transfers and alerting staff to suspicious activities.
DLP tools monitor information while it is at rest, in use on endpoint devices and in motion (over the internet, between networks or to external parties). A robust DLP strategy includes implementing encryption and adapting to new privacy laws.
Defining Critical Data
DLP tools scan for data at rest and in transit to protect information stored on servers, desktops and mobile devices. They also monitor information sent over the internet or between networks and data moving on a disk or through cloud storage services.
Many tools have templates defining which organizational content types should be considered critical data. This allows administrators to track and monitor the data most important to their business, helping them identify potential breaches.
Some of the most sensitive information is personal identifying information (PII), such as end-user names, email addresses, Social Security numbers and credit card details. Stringent regulations, such as GDPR and the New York Department of Financial Services cybersecurity regulation, require businesses to protect this type of information.
Other sensitive data is intellectual property, such as proprietary formulas, designs and other trade secrets. A DLP solution can help businesses keep this information secure by monitoring file activity and using encryption, which makes the files unreadable to unauthorized users.
With more staff working from home and the increased use of third-party vendors, businesses must monitor data being transferred between locations. DLP solutions can monitor the transfer of this information, recognizing when a file is attempting to leave the organization and blocking it or alerting security teams. They also provide reporting capabilities to support compliance audits.
Extrusion Prevention
In addition to identifying critical data, a DLP solution should detect attempts to send that information to outside parties. For example, when a staff member inadvertently forwards an internal document to a colleague via email or shares a file on a cloud-based application, DLP should be able to detect this activity and prevent the data from leaving the company.
As more staff work from home, on mobile devices or in the cloud, DLP security software is increasingly important to protect sensitive data that may be sent to external sources. Some of the largest data breaches in recent history (such as the loss of millions of Equifax records, and the hacking of cybersecurity firm RSA and the theft of 40 million SecurID authentication tokens) have involved unauthorized outsiders sharing sensitive data.
DLP solutions provide visibility into data stored on servers, desktops, laptops, mobile devices, and the cloud. This allows administrators to monitor and protect intellectual property and personal information, including credit card numbers, medical or Social Security details, and other information.
For organizations that must comply with GDPR, HIPAA and PCI-DSS regulations, a DLP solution can identify and mark sensitive data to help meet monitoring and reporting requirements. This allows companies to keep up with evolving global compliance mandates and avoid fines and penalties for noncompliance.
Detection
DLP is a powerful tool that works with other security systems to protect critical data. It can help detect sensitive information as it leaves the network via email or is copied onto USB drives. In addition, it can be used to track and protect personally identifiable information (PII). Many organizations are now regulated by stringent laws around how this data is handled, with stiff fines for noncompliance or breaches.
In the case of a cyber breach, DLP software can monitor endpoints for the sharing of PII and notify users who try to send it to external parties. It can then log the event for auditing, display a warning to a user who could unintentionally share sensitive data, or actively block them from sending that information to anyone outside your organization.
DLP solutions can also scan files to spot unauthorized copying. They can even keep ownership traceable using a fingerprinting system that spots combinations of file fields that typically represent PII. This capability is important because it ensures that unauthorized copies of sensitive information cannot escape your network, whether they are sent over the internet, moved between networks or copied from an employee’s computer to a USB device.
This is known as securing data in motion, and it can prevent sensitive information from being leaked by malicious attackers and negligent employees.
Reporting
DLP solutions can help organizations monitor and control sensitive data on servers, endpoints, desktops, mobile devices, the cloud, and other locations. An initial sweep on installation helps identify all the places that contain critical data and enables fine-tuned controls. These controls can be based on rules, dictionaries or taxonomies, or statistical analysis that looks for patterns that indicate sensitive content in unstructured text. This requires careful customization for each organization.
Most data breaches come from within, not outside the business, so it is important to use DLP to prevent accidental or malicious insider attacks. DLP can detect unauthorized data movement and block access to files and emails that contain sensitive information. It can also warn employees about potentially risky activities, helping to reduce the number of users who inadvertently share sensitive data.
Educating employees is another key part of DLP implementation and can significantly increase compliance with recommended DLP best practices. Education can be provided through classes, online training, periodic emails, videos and write-ups emphasizing the importance of following company policy on data security and the consequences of a breach.
Penalties for violating security policies can also improve compliance. DLP can enforce these penalties, but they should be part of an ongoing employee awareness program rather than a reactive approach when there is a breach.