4 Step Cloud Security Audit for School Districts

Keep data secure and students safe with a cloud security audit

K-12 school districts are at the forefront of cloud adoption, being among the first industry sectors to realize the massive benefits of cloud computing. One of several reasons school districts have been eager to make the move is that they need to be able to do more with less.

But while K-12 has adopted cloud computing eagerly, districts are falling woefully behind in cybersecurity—and cloud computing security specifically. Much of the gap has to do with budget and other resource constraints. But there are also understanding and mindset factors that are leaving student data vulnerable to exploitation in school cloud apps.

For example, many IT leaders believe that their content filter does what a cloud security platform will. This couldn’t be further from the truth. The two use completely different technologies, and are used for completely different use cases.

Even more people think that their firewall is enough to protect data in the cloud. In this mistake, K-12 is not alone. There are IT and information security teams in every industry type and organization size that make this mistake. Firewalls are built to protect your district’s network. But data stored in cloud applications like G Suite and Office 365 live outside your district network. Firewalls are no more capable of protecting your data in the cloud than your home security system is capable of stopping your car from being stolen.

Running a cloud security audit will help your IT team see potential data loss prevention, account takeover, ransomware, and other security vulnerabilities in your cloud environment. Using this four step process to auditing district cloud applications will put your team in the best position possible to secure information from identity theft—and help manage student safety risk factors.

Why Audit District Cloud Apps

If your district is using cloud applications for classroom and/or administration, you need to schedule regular cloud security audits. Most school districts that have moved to the cloud are using Google G Suite, Microsoft Office 365, or both to store employee and student data, collaborate on projects, communicate, and more. These cloud applications are built on very secure cloud infrastructures. But, it is your responsibility to secure your district’s accounts from cyber attacks, data loss, and potential student safety issues.

Data security is an often overlooked, but increasingly important topic for K-12 school districts. According to the K-12 Cybersecurity Resource Center, 713 cyber incidents have been reported by K-12 public school districts since 2016. This year alone saw a veritable explosion of ransomware and phishing attacks targeting schools and other public institutions.

Though there is a lack of regulation governing district data security, the time is now to start getting serious about school district cybersecurity.

You can also include a student safety element to scheduling cloud security audits. As more students go online at school, district IT teams are finding themselves at the digital convergence between cybersecurity and cyber safety. At the same time, district IT teams are understaffed, underfunded, and overwhelmed as it is. The insurgence of student cyber safety responsibilities is new—and often unwanted—territory for K-12 IT.

Scheduling regular cloud security audits capable of detecting both data security and student safety issues with automatic reporting is critical for maintaining school infrastructures—and can be a huge win for IT teams.


Step 1: Discover Connected SaaS

OAuth is a fantastic technology that helps people use different SaaS applications without needing to create a separate account for each one. A person can simply login to the application using their Google or Microsoft account.

The downside is that it connects the 3rd party SaaS app to the cloud environment that is used to login through OAuth. System admins are finding it increasingly difficult to manage the explosion of connected SaaS applications to the district cloud environment.

Data security is the biggest concern here. Your district’s data is only as secure as the least secure SaaS application connected to it. If a SaaS vendor is not careful with the security of their own product, it makes your data vulnerable. Criminals are able to use an applications security vulnerabilities to access customer information through OAuth—exposing you to a data breach.

There are also many instances of hackers creating purposefully malicious applications. The goal is to trick someone into connecting to the app through OAuth so they can gain access to your Gmail/Outlook 365, shared drives, contacts, etc.

Auditing the 3rd party SaaS applications connected to your district account can also help control technology costs. You can pull a report of how many applications the district has in its environment to help others determine how much these apps are costing, if they’re being used, etc.

Step 2: Data Loss Prevention

The effectiveness of your data loss prevention rules and policies should be audited regularly. These tend to change as time goes on, and you need to make sure that edits in one place haven’t impacted security in another place.

Data loss can be either accidental or malicious. Most often, it is because an employee unknowingly sets a document to be able to be shared with people who shouldn’t have access to it. Or they accidentally include people on an email who are not the intended recipients. These types of data incidents happen all the time, but they are not harmless. Any time sensitive, personally identifiable information is exposed it can cause damage to the people whose information is shared.

Malicious data loss is what gets all the attention, and is certainly a risk factor that you need to mitigate. Running a regular DLP audit will help you identify if there are any DLP rules and/or policies that need to be adjusted, if new data was created that needs to be secured, or if any information is being used improperly.

Step 3: Account Takeover Detection

Account takeovers are becoming a more common source of phishing, ransomware, data loss, and other cyber threats impacting organizations in the cloud. An account takeover is notoriously difficult to detect and can go on for weeks or months without detection. A cloud audit will help you see abnormalities in account behavior that may indicate an account takeover has occurred, or is currently happening.

Your cloud audit should pull data on:

  • Account login location (by country and/or IP address)
  • Number of login attempts, failures, and successes
  • If phishing, malware, and other suspicious emails are originating from an internal account
  • Abnormal file upload, download, and/or sharing activity

Using this information, you can determine if any accounts are at risk, and then take steps to mitigate and/or remediate the issue.


Step 4: Student Safety & Behavior

School districts are unique from other organizations that do business in the cloud in a number of ways. One of those ways is the responsibility you have for students’ safety—both off and online. If you’re like most school districts, you already have a content filter in place to comply with CIPA and qualify for E-Rate Program funding.

But what about the students that are bypassing the school network? Or using their device outside of the school network? Or students that login to school accounts on personal devices that don’t have the content filter installed? Content filters aren’t equipped to block these kinds of access activity.

We also know that students are using Google Docs as private chat rooms. They are uploading photos and videos to school shared drives. And they are using school email accounts to communicate with each other about personal matters.

Running a cloud security audit with student safety in mind can be made easy with the right kind of setup. You can use student safety specific policies, such as contextual keyword strings, image recognition AI, and sharing and editing behaviors to identify if there is an issue in your Google and/or Office 365 apps. If the audit does find an issue, you can find important information such as who was involved, who it was shared with, why information was shared, etc. All this information is helpful to school counselors and/or campus resource teams who can determine appropriate next steps.

Running regular cloud security audits is an important element of your data security and student safety process. An audit will help you identify potential weaknesses in your cybersecurity infrastructure, as well as detect potential safety hazards. If you’re using a cloud application security platform, you can simply set up automatic audits that will email you reports on a daily, weekly, or monthly basis.


How Cloud DLP Fits Into Your Cybersecurity Infrastructure

Why you need cloud data loss prevention in your cybersecurity tech stack

Last week, we looked into how cloud security fits into your cybersecurity infrastructure. Today, we’re going to double-click on the topic of cloud security and look at cloud DLP specifically.

Here, we’ll discuss what cloud DLP is, the benefits of configuring it for your organization’s cloud apps. Finally, we’ll take a look at the key features you should look for in a cloud DLP platform.

What is Cloud DLP?

Data loss prevention is a strategy for ensuring that sensitive and protected information does not leave the organization’s network. Data loss can happen both accidentally and maliciously, from both internal and external users.

Cloud DLP is simply a strategy for protecting your data stored in the cloud. Cloud DLP is different than traditional forms of data loss prevention methods because your data is being stored in the cloud, rather than on-premise on a hard drive or local server. Simply put, this means that your data is not being stored within your network. Therefore, traditional network or perimeter security technology doesn’t protect it.

Benefits of using Cloud Data Loss Prevention

If your organization is storing data and/or communicating using cloud SaaS apps, you need cloud DLP. There are many benefits to using cloud DLP over perimeter-based security. These benefits include:

  1. Deep integration with cloud apps like G Suite and Office 365 using APIs, making it a near-native security feature of the apps your team uses
  2. Ability to audit existing data and classify it into set categories of sensitivity and protection
  3. Scan and classify new data as it is created or uploaded
  4. Monitor and act on risks 24/7, even as you and/or your security team sleeps
  5. Enforce data loss prevention policies 24/7, giving you and your team greater peace of mind
  6. Get administrator alerts when there is a DLP policy violation, so your team can investigate the source if necessary

[FREE DEMO ON-DEMAND] See Cloud Data Loss Prevention In Action & On-Demand Click Here >>

Key Features for Cloud DLP Platforms

There are several cloud data loss prevention software options available on the market. So, how do you know which one is right for you?

There are several key features that are important to have in your cloud data loss prevention tools. They are:

1. Pre-built and customizable DLP policies

Pre-built or out-of-the-box DLP policies save you time, and ensure that you’re using data loss prevention best practices. But, no two organizations are alike, so you will also need the ability to adjust policies and easily build customizable ones from scratch.

2. Content and context aware DLP

Every cloud DLP platform available uses content aware DLP technology. This basically means that it’s scanning for key terms and/or text strings (including numbers) that have been set up as “rules” for the policy to follow. For example, content aware DLP will scan and find a set of 9 numbers and flag it as a social security number.

Context aware DLP can recognize other information around those 9 digits to help it determine if it is indeed a social security number in need of protection.

3. Machine learning

Machine learning is more than just a buzzword—and it’s critical in data security. Platforms that use machine learning allow the technology to continually get smarter about what should and should not be flagged as policy violations.

Machine learning technology in cloud DLP significantly reduces the number of false positives in the system. It also improves the platform’s ability to recognize more complicated data loss scenarios. Cloud DLP that uses machine learning continually gets better as time goes on—providing you with more bang for your buck!

[FREE DEMO ON-DEMAND] See Cloud Data Loss Prevention In Action & On-Demand Click Here >>

4. Alerts and notifications

Believe it or not, you will want a cloud DLP solution that allows you to set administrator alerts and user notifications. While the sheer number of alerts can be overwhelming for some, it’s important to know when there is a policy violation so you can investigate.

DLP notifications are also helpful for two main reasons. First, they inform the user that they have violated a policy, so that user knows what happened to their communication and/or file. Second, notifications can help educate users about safe data handling practices to (hopefully) reduce the number of incidents in the future.

5. Automated actions

No cloud DLP platform is worth it if it can’t take some kind of action on the problem when a policy is violated. Even information security people need to sleep!

Beyond simply being alerted that a DLP policy has been violated, there are several types of actions you may want the tool to take. If you can set the policy to delete, unshare, quarantine, unsanction, and more you are going to save yourself a ton of time.

If your organization is creating, storing, and/or sharing information in the cloud, you need a cloud DLP solution. You will need a solution that can automate the majority of the work it takes to monitor, audit, and control what is occurring in your cloud apps. Save yourself a ton of time and effort by choosing a DLP solution that is built for the cloud, and is integrated with the cloud apps your team uses.

cloud dlp in action free demo

What Is A Data Breach?

What is a data breach and 6 steps to protecting your data

A data breach is defined by Wikipedia as “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”

Data breaches take many different forms. Some are caused by simple accidental improper sharing and security settings that don’t result in use of the data. This can be thought of more as “data exposure”. A data breach can also be caused by a calculated, malicious act to gain information that can be used for profit. These types of attacks commonly target personally identifiable information (PII) such as social security numbers, payment card industry data (PCI) a.k.a. credit card information, and/or trade secrets.

It’s worth noting that a data breach and data loss are two different types of risk. However, a data breach can lead to data loss. This is particularly true in the perimeter-less world that most school districts now live in, due to their reliance on cloud applications for everything from learning management systems to HR and financial data storage.

In this article, we will use the term data loss prevention as a way to prevent a data breach. It can certainly be argued that these are two different types of risks that need different security approaches. It is our stance that, in today’s cybersecurity environment, a data-first approach to security is necessary.

3 Causes of a Data Breach

There are three common causes of a data breach: accidental, internal criminal, and external criminal.

1. Accidental Data Breach

Accidents happen. Data breaches due to accidental or non-malicious actions are the most common data breaches. Particularly as cloud computing and BYOD drive both classroom and district employee collaboration and productivity, school districts are becoming more susceptible to accidental data breaches.

For example, we see cases where district staff accidentally set a document sharing settings to “visible to the public”. In this case, anyone could find the document and see the information it contains. When this happens, it’s usually unlikely that the document was actually accessed by outside viewers. But it’s not entirely out of the question, and it’s certainly not ideal to have documents and information floating around in the public accidentally. This is particularly true for employees that have access to documents that contain sensitive information, such as student and staff personally identifiable information and district financial and/or payment information.

Accidental data breaches can also occur when a device is lost or stolen. For example, when a staff member accidentally forgets their phone on the bus, access to information granted on that device is granted to whomever finds the device and decides to use it themselves. There have unfortunately been several cases of lost or stolen hardware being used to access sensitive information.

2. Internal Criminal Data Breach

Data breaches that are caused by an internal “bad actor” are notoriously difficult to detect and are an increasing concern. Data breach cases involving disgruntled employees and bribery schemes make data loss prevention even more difficult for IT teams.

In many cases, these types of data breaches involve employees who are leaving the company that steal data. In one such case, a K-12 school district IT contractor stole a database containing information about 70,000 people when she found out she was fired. The files were stored in the cloud, and she was able to access the files remotely before school officials could close her account.

In another case, AT&T employees were caught taking bribes to infect the company’s network with malware. This malware was used to collect data on the company’s internal infrastructure using keylogging. The scheme also included unlocking devices and installing “rogue wireless access points” into AT&T’s network. AT&T reportedly estimates that it lost more than $5 million in revenue each year, over at least a four year period.

The moral of each of these stories is that school districts can’t be too careful when it comes to monitoring for data breaches. We tend to think of data breaches as something that only happens to financial companies, like Equifax and Capital One. And that they only come from the outside. But, insider data breaches are destructive—and are on the rise.

3. External Criminal Data Breach

Data breaches from external hackers are most widely discussed and feared in the cybersecurity world. And this is with good reason. While employee negligence is the biggest cybersecurity risk, email continues to be the biggest phishing and malware threat vector.

Cybercriminals outside of your district want to gain access to your information for one reason—to make money. This can be accomplished in a number of ways, with ransomware and selling data on the dark web being the two most common.

Account takeovers (also referred to as account hijacking) are an increasing concern for district IT teams. This is because an account takeover can make an external data breach look just like authorized internal access. Account takeovers are notoriously difficult to detect and can go on for months and even years before they are detected.

As schools become more mobile and remote, detecting and remediating account takeovers is a major focus for companies of all sizes. In the good old days, students and teachers were all in the classroom and employees were all in an office, and those who traveled were required to access the network via a VPN. With the rising popularity of cloud computing, the district’s network perimeter is all but dead. New data loss prevention methods need to be used for new challenges.

Types of Data Targeted

Four types of data are typically targeted by cybercriminals—both internal and external. These include payment card industry (PCI) information, personally identifiable information (PII)—such as students’ social security numbers and employees’ W2s, and district financial information. The human and financial toll that students, parents, and district employees experience as the result of a data breach and identity theft can be significant.

How to Prevent a Data Breach

Preventing a data breach on a day-to-day basis is difficult, and building an information security and incident response program is worth every penny. When thinking about how to prevent data loss, most people think in terms of data loss prevention tools. But data loss prevention is much bigger than software alone. From a broad view, there are six simple steps your organization can take to improve data loss prevention.

6 Steps to Better Data Loss Prevention

  1. Back up your data
  2. Set up DLP policies and processes
  3. Use data loss prevention software
  4. Monitor for improper use of data (both internal and external)
  5. Monitor for account takeover behavior
  6. Regularly audit for data breach risks

Are you protecting your data stored in the cloud from breaches and/or loss? Sign up for a FREE 30-Day trial and experience cloud data loss prevention for K-12 school districts with ManagedMethods.

data loss prevention free trial offer

7 Step Data Loss Prevention Checklist

Use this 7 step data loss prevention checklist to help plan and tackle your DLP strategy

This data loss prevention checklist is meant to provide a framework for ensuring that your organization’s sensitive data is secured from improper access—both internal and external.

But, you may first be wondering: what is data loss prevention? Data loss prevention (or DLP, as it is commonly abbreviated to) is simply a strategy and process for ensuring that information stored by your organization is not improperly or unintentionally exposed.

The most important data to secure is that which is regulated by federal, state, and/or local laws. This type of data broadly includes personally identifiable information related to minors, and employee and customer credit and financial information.

Companies will also want to secure proprietary information, such as intellectual property, financial information, growth and strategy plans, etc. to retain competitive advantage.

Many B2B-focused software and SaaS applications on the market provide at least some level of DLP controls natively. But using these provided tools alone creates an incoherent (and risky) data security environment. They also don’t fully protect your organization’s data infrastructure. There are many data loss prevention tools available on the market today that help information security teams manage comprehensive data loss prevention methods across all digital data assets, including hardware, software, the cloud, and everywhere in between.

[FREE OFFER] Identify DLP Risks In Your Cloud Applications. Click Here To Learn More >>

7 step data loss prevention checklist7 Steps To Better Data Loss Prevention

Step 1. Inventory: Analyze & Categorize

The first step in creating a comprehensive DLP plan is determining where all your organization’s data is located, and how much of it is sensitive information. You’ll also want to analyze your current security posture in each of these locations to determine how data is being managed and protected, and where security gaps may exist.

Common locations for organizational data include:

  • On-premise / network storage
  • Cloud / SaaS application storage
  • Hardware storage, including laptops and desktops, mobile devices, external hard drives, etc.

Once you have a handle on where all your data resides, you’ll want to categorize it. Common data type categories include:

  • Personally Identifiable Information (PII)
  • Payment Card Information (PCI)
  • Customer Information
  • Intellectual Property / Proprietary Information
  • General Internal-Only Information
  • Public Use / Domain Information

As an example, PII includes information such as social security numbers, names, addresses, etc. that can be used to commit identity fraud. On the other end of the spectrum, much of sales and marketing information is created with the intent of being public-facing. This type of information would need less restrictive controls.

Step 2. Regulatory Compliance Establishes DLP Baseline

The level of regulatory compliance that your DLP plan will have to adhere to depends on the nature of your organization. Healthcare companies, for example, need to comply with HIPAA regulations. Companies that process credit cards are required to comply with PCI-DSS. Organizations that work with children, such as K-12 schools and districts, need to comply with regulations like FERPA and COPPA.

Compliance also depends on where you are located, as state and local regulations may add a layer of requirements to your compliance DLP planning.

Regulatory compliance should be just the baseline of your data loss prevention structure. Because regulations don’t cover the more nuanced data protection needs of your organization, such as intellectual property, growth strategy, and other assets that represent competitive advantage.

Step 3. Business Information Data Loss Prevention

After you’ve laid the DLP groundwork to ensure you’re compliant with legal regulations, it’s time to take a look at your business data. Business information that you need to secure from improper use might include:

  • Strategic planning and competitive research and positioning
  • Financial reports and information
  • Intellectual property and proprietary information, processes, etc.
  • Additional prospect, customer, and employee information that may not be covered by data protection regulations

Step 4. Internal Processes & Vendor Selection

Now that you have a handle on what the entirety of your information inventory looks like, what your regulatory compliance obligations are, and what information you need to secure for business reasons it’s time to put processes in place to manage it all.

People tend to think about DLP policies in terms of setting them up in their data loss prevention software. But we’re not quite there yet. Here we’re thinking in terms of a company policy that directs the human behavior element of data loss prevention.

What uses of each type of information category is acceptable, and what is not allowed? Some examples might include:

  • Detailed company funding information can only be accessed by the executive team, and cannot be shared outside the organization
  • Proprietary product code cannot be accessed outside of the “tier 1” engineering team
  • Any files and folders labeled “Confidential” cannot be shared outside of the organization
  • SaaS applications must be sanctioned by the information security department prior to use

Your DLP policy planning should also include requirements for vendor, supply chain, and/or partner security requirements. This is an often overlooked area of a DLP strategy, but there are plenty of examples of malicious attacks in one area impacting client or partner organizations throughout the supply chain. To use the cliche, your data loss security strategy is only as strong as the weakest link. The many operational benefits of an interconnected vendor system also exposes unique cybersecurity challenges that must be addressed in any solid DLP plan.

Documenting these policies prior to going into your software helps in three ways. It helps you and/or your planning team organize your policies plan in a structured way. Second, it provides a formal document that can be incorporated into the employee handbook and shared with employees for training purposes. And third, it helps the software implementation team efficiently and coherently set up each of these policies in the DLP software.

Step 5. Building Automated DLP Rules & Policies

Data Loss Prevention Product ManagedMethods

OK, so now comes the fun part! Now that you’ve categorized your data and you have processes and policies in place, you’ll want to get as much DLP policy management automated as possible. This means using a DLP platform to set up rules and policies that govern everyday use and behavior in your organization.

There are many, many data loss prevention software and solution providers available on the market. The best one for your organization is highly dependent on your specific IT infrastructure and unique needs.

But the basics are about the same. Any good DLP platform will allow you to set up rules that govern how a specific type of file or folder or software can’t be used. Then, there are policies to put in place that tell the platform what to do if that rule is broken. Policies can do things like send notifications and alerts, revoke sharing, quarantine, delete, suspend a user account, unsanction an application, etc.

Most experts agree that it’s best to start with a light touch here, and then incrementally restrict over time. This approach, of course, also depends on the nature of your business and how strictly regulated your industry is. If you are operating in a highly regulated industry, such as healthcare, you’ll likely want to approach it from the other direction by being as restrictive as possible, and slowing opening access if needed.

Experience Cloud Data Loss Prevention FREE For 30 Days! Click Here To Sign Up For A Risk Assessment >>

Step 6. Educating The Team

Studies show that educating employees on the importance of data loss prevention and company policies surrounding the matter significantly improves an organization’s security stance. They also show that continual reinforcement, rather than a one-time training event, is the most effective way to improve the inherent human element behind data loss.

This is an area where documented data loss prevention policies and processes (created in step four) are helpful. It provides everyone with the information they need to understand their personal responsibilities when it comes to company data security. It also outlines what is acceptable behavior and what is not.

Your DLP platform can be helpful as well. Most solutions provide the functionality to send the offending employee a notification email when they have done something that violates a DLP rule. Setting up these types of emails helps automate continual reinforcement of company data security policies and is beneficial to employees as well.

Step 7. Monitor & Strengthen

Data loss prevention should not be treated as a “set it and forget it” project. Particularly for the first several months to a year after the first implementation, you should closely monitor the efficacy of your processes and automations to ensure they’re working as expected, and to identify gaps.

Your DLP platform will be key in this area. Investing in a platform that monitors your environment 24/7 means that you and your team can focus on other projects or tasks while the technology does the redundant work. Set up automated audit and risk reports, so that you gain quick and easy visibility into your data loss risks and can adjust as required.

Using This Data Loss Prevention Checklist

The specifics of how to prevent data loss in your organization depends on a variety of factors—including the type of hardware and software you use, and the level of data complexity in your organization. Therefore, it’s impossible to create a data loss prevention checklist that will apply to every organization. But hopefully this checklist gives you a solid framework for planning and tackling your data loss prevention strategy.

It’s important to note that if your team uses cloud applications, such as G Suite, Office 365, Slack, Dropbox, etc. and you’re relying on firewalls to protect your data from loss, chances are high that your data is exposed. As discussed in step one, there are many locations where data may be located, and each of these locations represent a potential for loss. Many information security professionals don’t fully realize the unique challenges of securing data in the cloud as compared to other locations, such as in on-premise servers and employees’ desktops.

The unique challenges of securing your organization’s sensitive information in the cloud are important, but not insurmountable!

Sign up for a free cloud data loss prevention risk assessment today, and we’ll help you determine where you have DLP risks in your cloud environment in a matter of hours.

Data Loss Prevention Free Risk Assessment

What You Need To Know About How Data Loss Prevention Software Works

Data loss prevention software is a vital component of your security infrastructure

You know what data loss prevention is, but you may have some lingering questions about how to prevent data loss. Data loss prevention software is not the silver bullet in the constant battle for data security. It is, however, an important arrow in the InfoSec team’s quiver. Data loss prevention software helps teams automate much of the daily tasks that are required to keep sensitive company data secure.

Data loss prevention methods have evolved over the past several years as organizations have transitioned to cloud computing. While many methods remain important, such as backing up your data and using strong passwords, securing data in the cloud is challenging in several ways. Companies that use G Suite or Office 365 can no longer rely on perimeter network defenses to secure data stored, accessed, and shared in the cloud.

Categorizing Data Types in Data Loss Prevention Software

When you are just getting started data categorization will likely be more of a manual process than software-driven. Much of that process depends on the amount of data you’re working with and how complicated your infrastructure is. Most of the data loss prevention software available will use some level of machine learning to process and categorize common data types.

For example, many solutions have the ability to identify and classify credit card numbers stored in a spreadsheet or an email. Some even use optical character recognition to detect images of credit cards. Most data loss prevention software solutions incorporate this level of data classification out-of-the-box because spreadsheets, emails, and images are common data types, and because there are compliance regulations around how companies are required to store and secure credit card information.

On the other hand, custom information like company financial data, strategic plans, and intellectual property will need custom categorization settings. Using data loss prevention software, you can set up custom category types.

[CHECK IT OUT] Data Loss Prevention Software In Action. Click Here To Watch A Recorded Demo >>

Data Loss Prevention Rules and Policies

Data loss prevention software relies heavily on rules and policies that drive action- basically, rules tell the software what data needs to be checked, and policies tell the software how to handle it.

Let’s say you want to make sure that customer credit cards are not shared outside of a specific group of users within your company. Most solutions have templated rules for this that your can use, but we will continue with this instance to better understand the software.

First, you will set up a rule within the data loss prevention software that tells it what credit card numbers look like. You will need to set up a “pattern” for the system to check for, you should also be able to set up “whitelist” patterns and words in the rule. This will reduce the number of false positives you experience once the policy is live. Most, if not all, of the data loss prevention software on the market today will include the ability to validate the number of false positives using the Luhn algorithm, either by providing you with the option or simply doing it automatically.

Once you have your rule set up to detect credit card numbers in your environment, you need to set up policies to tell the software what to do with the card numbers. Again, there is usually an “out of the box” template for this type of data loss prevention policy but it’s good to know  how to adjust it if you need to down the road.

Policies are where the fun really begins. Policies are set up by identifying the rule as a “trigger” and then telling the data loss prevention software how to respond to it. So, you may set up a policy that tells the software to “revoke sharing” when it finds a file that is breaking the “files containing credit card numbers” rule.

You’ll want to set up notifications within these policies to notify your system admin that a rule has been violated so they can investigate it further if needed. For certain types of policy violations, particularly where an unauthorized file share has occurred, you should set up user notifications as well. This helps continually remind and educate your colleagues on the importance of data security and what types of data should not be shared.

File Matching

Data loss prevention rules can also be created around certain types and sizes of files. We’ve seen cases where users were uploading bootlegged movies into a customer’s shared drive and sharing them with other colleagues. Not only is this illegal, but it also took up a huge amount of storage space.

The system admin was able to go in and create a data loss prevention rule to match files based on type and size, and then remove the files in bulk. He then created a policy that would detect these types of files from now on and automatically remove them from the cloud environment.

File matching in data loss prevention is a powerful tool, it can be used to detect encrypted files that should be protected being uploaded or created in your environment. When you pair file matching data loss prevention tools with content matching data loss prevention rules, you have a strong structure in place to protect your data and cloud environment.

[FREE TRIAL] Start Your 30-Day Cloud Data Loss Prevention Free Trial Today >>

Image Data Loss Prevention Capabilities

A relatively new data loss prevention capability is image scanning, also referred to as optical character recognition. Data loss prevention software that has optical character recognition capabilities is a definite must, and not all data loss prevention or CASB vendors provide it.

Optical character recognition allows the data loss prevention software to scan images files, such as JPEG, PNG, and PDF, for rule violations. Going back to our credit card number example, if an employee has taken a picture of their company credit card and saved it to your shared drive, you don’t want that information to go outside of the people who have access to it. You may not want them to have that file in the shared drive at all, so you’ll want to be able to remove it.

An even more concerning scenario is if there are screenshots or PDFs in your shared drives that contain customer credit information. Data loss prevention solutions that don’t use optical character recognition technology won’t be able to detect the information in those types of files. But those files should be treated exactly the same as spreadsheets, text documents, and emails that contain credit information.

Data Loss Prevention Alerts and Remediation

We’ve touched on data loss prevention alerts and remediation in previous sections, but it is a very important step in the process. Equally important is how different data loss prevention software solutions handle alerts and remediation, because it’s not enough to just flag a rule violation. You need to be able to do something about it!

As you’re setting up your policy, you’ll need to make decisions about what needs to happen when it’s triggered by a rule violation. As previously discussed, there are instances when you may want to send a user or admin a notification to alert them to the issue.

Automated remediation can take many forms. A few examples include:

  • Revoke sharing
  • Delete
  • Quarantine
  • Suspend user
  • Unsanction

Data loss prevention software is a critical component to your DLP tool stack and strategy, it saves companies a lot of money and headache that comes from data loss and breaches. Data loss prevention software also saves system admins time by automating a majority of the data loss prevention process. This allows them to focus on other priorities while maintaining some peace of mind!

data loss prevention free trial offer

Top Data Loss Prevention Methods For Cloud Applications

Companies using cloud applications need new types of data loss prevention methods to secure sensitive information

Companies and organizations have been using a variety of data loss prevention methods over the decades to protect important and sensitive information from being lost or stolen. These methods took on an entirely new life when the use of computers, and soon thereafter, the internet became mainstream. Now, the migration to cloud computing is creating a new need to reinvent how to prevent data loss.

What is data loss prevention? Broadly speaking, it’s simply a strategy for ensuring the sensitive and protected information does not leave the company network. But today, when people talk about data loss prevention (or DLP) they’re often talking about the tools, software, and/or services used to enable it. But, the data loss prevention methods you deploy must include both human elements, such as training and reinforcement, as well as the processes and tools used.

The specific methods you use depend on your specific IT infrastructure. Companies that are using cloud applications, such as G Suite and Office 365 for example, really do need a CASB to enable best DLP practices in the cloud. Here, we’ll take a look at the top six data loss prevention methods you need to include in your DLP strategy for secure cloud computing.

[FREE TRIAL] Sign Up For Your Free 30-Day Trial Of ManagedMethods Cloud DLP >>

1. Backup Your Data!

Automating your data backups is the first, and perhaps most effective, data loss prevention method you should employ. Because there are many ways that data can be lost—from accidental to malicious—automatic backups are about the closest thing you can get to a foolproof data loss prevention method.

Cloud computing has made data backups very easy. If your company is a G Suite or Office 365 customer, you should already have the ability to set up automatic data backups to Google Drive or OneDrive. There are also many 3rd party data backup solutions available on the market for those companies that either don’t already have a solution, or are extra vigilant in their data loss prevention backups and would like to use an additional resource.

2. Set Up Data Loss Prevention Policies

Setting up data loss prevention policies usually starts with classifying the different types of data you have and determining what level of protection each needs. For example, you may separate your data into two or three categories ranging from “open source” to “critical”.

Next, you will want to create policies around how information in each classification can be accessed and shared. For example, “critical” data may be that which only upper management in HR and financing can access. On the other hand “open source” contains files and information that, say, marketing and sales are creating to share outside of the organization.

Once you’ve classified your data types and set up policies around who can access them, and how they can be shared, you’ll want to monitor and audit each policy’s effectiveness. The rule of thumb when it comes to policy-driven data loss prevention methods is to start with very strict restrictions on access (particularly for those skewing toward the “critical” side of the spectrum), then open access slowly to those employees who really need access to them.

Auditing your DLP policies on a regular basis will also help you identify if there are certain types of data that you’ve missed or if you have misconfigured any rules in the process.

3. Use Data Loss Prevention Software

Software enables data loss prevention methods by allowing you to automate policies, monitor use, and detect risks. The right type of data loss prevention software for you will depend on the technology your team uses to store, access, and share data. There are three main types of data loss prevention software: endpoint, network, and cloud DLP.

Just about every organization should be using Endpoint DLP. This is because, well, everyone has at least one endpoint per employee—most have many, many more. Endpoints include laptops, desktops, on-prem servers, smartphones, tablets, and basically anything that connects to your network.

Most companies also know that they need some sort of software to control network DLP. Your network has long been the single access point between the internet and your internal information. However, that has fundamentally changed for most businesses and organizations in the last five to ten years or so. Now, employees bring their own devices to work and expect to be able to use them. SaaS applications have also become prolific in workplace productivity and communications. These changes are what have created the need for cloud DLP software.

[FREE TRIAL] No Credit Card Required! Start Your Cloud DLP Free Trial Today >>

When information is stored, access and sent or shared in cloud applications, traditional network and/or endpoint DLP technology doesn’t cover all the bases. It was developed to protect access to the information. But it doesn’t secure the actual data once authorized access is gained (whether it’s from an internal, actual authorized user or not). Cloud DLP software, often available in the form of a CASB solution, provides InfoSec teams with the ability to monitor and detect activity within cloud applications so that data, not just access to it, is secured.

4. Monitor for Improper Use of Data

Data loss stemming from employees are more common than external attacks (though they get far less attention). For the most part, these incidents are accidental. They can range from an employee spilling coffee on their laptop to having it stolen from their car. Most often, it’s from sharing information with someone that shouldn’t have access to it without realizing they’d made a mistake.

There are also instances of employees stealing information from a company. Because they have authorized access to data, it is notoriously difficult to detect these incidents until well after they’ve occurred. It could be a case of an employee who has been let go or quite who takes customer and/or company intellectual property information to bring to their next job or to sell to a competitor. There are also cases where employees take employee and/or customer information to steal their identities or sell the information on the dark web.

While the intent of internal data loss creates vastly different outcomes, both can be problematic for any company. Even accidental data loss can set an organization back in terms of cost spent creating the information (both financial and/or time), as well as the cost of trying to regain it. Accidental incidents can also create a vulnerability for malicious attacks if left unnoticed and un-remediated.

5. Monitor for Account Takeover Behavior

Monitoring for account takeovers is a next-level data loss prevention method that is difficult to accomplish without the right data loss prevention tools. But, it’s a critical capability in your data security strategy and relatively simple to accomplish with the right technology.

The majority of account takeover attempts (and successes) have the same basic “signatures”. The easiest way to identify one is by monitoring and controlling login locations. A simple example of this is: if all your employees are based in the U.S., you know that any logins coming from another are unauthorized. You can set up a DLP policy to reject any logins coming from other countries outside the United States.

Monitoring for account takeovers should also take into account the number of login attempts. If you’re able to see a sudden and suspicious spike in the number of login attempts over a few hours or a couple of days, you know that that account it being targeted. You can take proactive action in these cases by re-setting the account password and requiring a stronger one.

Finally, using a data loss prevention CASB allows you to detect other types of suspicious behavior, such as massive file downloads stemming from a particular user, abnormal sharing outside the domain behavior, and/or uploading files or sending emails containing malware or phishing links.

6. Regularly Audit Your Data Environment for Risks

One of the best data loss prevention methods available is to continually audit your data environment for new vulnerabilities and risks. These could come from an employee using a new, unsanctioned SaaS application, new patch updates in existing apps, new types of sensitive data entering the environment, and more. InfoSec teams are trained to see vulnerabilities everywhere. A good data loss prevention tool will help you and your team monitor and audit for new risks 24/7.

As you can see, there is a wide variety of data loss prevention methods available for IT and InfoSec teams. Choosing the right DLP solution (or solutions) largely depends on your company’s IT infrastructure, compliance requirements, and budget. For teams that are using popular cloud applications, such as Google G Suite, Microsoft Office 365, Slack, and more, using a reputable CASB with easy to use data loss prevention tools is no longer a luxury—it’s a must-have.

data loss prevention free trial offer

Data Loss Prevention Tools You Need Now

Data loss prevention tools are an important piece of your information security tech stack

Data loss prevention is a much bigger topic than just the tools used to help prevent breaches and data loss. IT teams, and all employees, need to understand how to prevent data loss before they put all of their faith in a tool. However, when most people think about data loss prevention, they only think about data loss prevention tools.

There are different types of data loss prevention tools available, many organizations use more than one solution, based on their IT infrastructure. It is important to understand the types of data loss prevention tools available, and the circumstances when you would need to use them.

Why You Need Data Loss Prevention Tools

data loss prevention tools SMBs data breach

What is data loss prevention? In simple terms, it is the set of processes, training, and solutions put in place to prevent sensitive information from leaving an organization’s internal data environment.

Organizations face regulations that require them to secure sensitive customer and employee data, these regulations include (but are not limited to) the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act (COPPA), and the Family Educational Rights and Privacy Act (FERPA). Many of these regulations don’t just require proper data loss prevention safeguards, but also periodic compliance audits and breach notifications. The right data loss prevention tool makes all of these requirements possible—and streamlined.

Organizational security is another level where a data loss prevention tool is needed. Information is the true currency of modern business, from the strategic advantage of a company’s intellectual property to the profits criminals make from selling student information on the dark web; information is big money. When a data breach does occur, it can cost the organization hundreds of thousands to millions of dollars. In fact, a recent National Cyber Security Alliance report found that 60% of small and mid-sized businesses don’t survive more than 6 months after a cyber attack.

Closely related to the issue of organizational security is customer trust. When a company or other type of organization experiences a data breach, the people it serves lose trust, this means a loss of customers or student enrollment. A data breach can also impact your customers’ financial security by exposing them to identity theft.

For these three basic reasons, organizations of all types and sizes use data loss prevention tools to run compliance audits and reporting as well as  protect sensitive business and customer information.

A Brief Overview of Data Loss Prevention Tools

what is data loss preventionThere are a few different categories of data loss prevention tools available. Some companies provide a full solution suite, while others may specialize in just one or a few areas. Some organizations may need data loss prevention tools for all of the above stated situations, while others may only need one or two tools. It’s important to know what types of data loss prevention tools you need, and how they work with your IT and security infrastructure.

Hardware Data Loss Prevention Tools

There are two ways to secure hardware from data loss: data access security and data recovery.

Data access security includes features such as password keys or the more Sci Fi-esque facial recognition unlock. These hardware data loss prevention tools focus on preventing unauthorized access to the hardware, like an iPhone, and the data stored on it.

The data recovery side of hardware data loss prevention focuses on the ability to reclaim data that has been lost due to hardware (or software) malfunction. So, if you’ve fried the motherboard or the device died, you’ll want to be able to get your important files and family photos back. Most organizations have solved this issue with automatic cloud backups.

A note on data recovery should include at least a brief conversation on recently popularized ransomware. Perhaps the most well known example of this is the WannaCry attack in 2017. But this happens often on a much smaller scale as well. When ransomware first made its debut, many organizations were forced to pay the ransom for their data. They simply could not operate without it.

Today, InfoSec teams use sophisticated data backups to protect against ransomware and hardware failure as part of their broader data loss prevention tool stack.

Endpoints & Network Traffic Data Loss Prevention Tools

An endpoint is any device that communicates back and forth with a network. An endpoint can be a desktop, laptop, smartphone, tablet, or server. Endpoints are targeted because they provide hackers access to an organization’s network and data.

Endpoint security is part of network security, and has become particularly important (and more challenging) with the increase in mobile devices. Employees expect to be able to access work information from anywhere they have internet access. This raises significant data security concerns, as each endpoint is a possible entry point to the network for cybercriminals.

Network security technology incorporates tools such as firewalls, proxies, agents, and/or gateways as a “man in the middle” to filter traffic and access to the network. This is the traditional perimeter security that most people think of when they think of cybersecurity.

Cloud Data Loss Prevention Tools

what is data loss prevention - sensitive informationPretty much everyone has moved to the cloud for daily business in some way shape or form. Perhaps you are just using email or messaging apps, such as Slack, or you’re using SharePoint for collaboration. Or you’ve gone all in with Google G Suite or Microsoft Office 365. A lot of work is being done in the cloud today, and a lot of data is being stored there.

Until recently, people generally assumed that their network-based cybersecurity tools, such as firewalls and secure gateways, were good enough for cloud security. But data being shared and stored in the cloud acts differently than when it’s managed on-premise, and that has opened unique vulnerabilities for hackers to take advantage of.

[RECORDED DEMO] See Cloud Data Loss Prevention In Action. Click Here To View >>

“The problem with the cloud is that it simply expands the systemic vulnerabilities that have existed since the Internet was developed. The internet was built for redundancy, not security.”
— Will Donaldson, CEO of digital security firm nomx, FOX Business

Data Loss Prevention Tools for Cloud Applications

As organizations move to the cloud, data loss prevention and security are increasingly becoming issues. A combination of open access and lax security infrastructure has led to devastating data breaches.

What Makes Cloud Data Loss Prevention Different?

As previously mentioned, cloud computing results in unique security vulnerabilities. An analogy we like to use is a bar.

When you get there, there’s a bouncer at the door checking IDs. The bouncer is like an agent or a proxy—he’s checking everyone’s credentials and filtering out those who should not have access to the bar. He’s also checking to make sure that there isn’t too much traffic going into the bar so it doesn’t go over maximum capacity.

But what the bouncer at the door isn’t able to catch is what is going on inside the bar. Say some kids with fake IDs get past the bouncer and are getting rowdy. Some of them are starting a fight, one is doing drugs in the bathroom, and another is puking in the corner of the bar. The bartenders (in this analogy, your system admins) are busy at the bar four rows deep and have no idea what’s going on. Sound like maybe it’s time to hire security? We do not condone underage drinking but we do believe this is a good analogy for the benefits of cloud secuirty.

Cloud security tools check traffic coming into and out of your cloud environment (like G Suite and Office 365). They also monitor what’s going on inside of the cloud enviroment. So, those underage kids that are causing a ruckus? The security guards can quickly identify there’s an issue and take action to protect the rest of the people in the bar.

data loss prevention tools human error

Cloud Data Loss Prevention Features

There’s a lot that goes into data loss prevention. First, you need to protect your environment from simple human error, accidental data loss represents 80 – 90% of all data breach incidents. You will also need to protect against malicious internal breaches, which can come from a disgruntled employee. You will then have to protect against external threats. This means quarantining malware and phishing attacks, both in your email platform and file sharing application (like Google Drive and Shared Drives), and removing unauthorized file and/or folder access.

Cloud data loss prevention tools must provide system administrators with easy control over activity in their cloud environment. This means they should be able to quarantine risky emails, files, and folders. They should be able to disable an account that is exhibiting abnormal behavior, and they should be able to discover and remove unsanctioned SaaS applications with risky access permissions. The tool should also allow admins to set up data loss prevention policies, which automate these remediation activities for them thus freeing up their time to focus on other priorities.

Must-have data loss prevention tool features:

  • Customizable and out-of-the-box data loss prevention policies
  • Ability to control or disable downloading the printing, and copying of files from file sharing, such as Google Drive, Shared Drives, OneDrive, and SharePoint
  • Automated and customizable blacklisting/whitelisting of logins by location
  • Domain whitelisting
  • Suspicious and high-risk behavior alerts
  • Unsanctioned SaaS app discovery and risk analysis
  • Malware and phishing prevention for cloud-based emails and file sharing applications
  • Automatic audits and reporting

API vs Proxy Cloud Data Loss Prevention Tools

There are two completely different types of cloud application data loss prevention tools. The difference is rarely talked about, but it is very important. It is the difference between API-based cloud security and proxy-based cloud access brokers.

The main difference in API vs proxy solutions is that a proxy cloud access broker (also known as a cloud access security broker, or CASB) uses traditional network security technology to try to solve cloud security challenges. But as we’ve already explored in this article, network security only secures the perimeter—what’s going in and coming out. These tools don’t adequately secure the activity that is going on once someone gains access (or already has access) to the cloud environment.

This difference is critical to your cloud security. Chances are that you already have network security in place that does the same thing as a proxy-based CASB. If you do, you’re basically duplicating the effort without solving the problem. Further, Microsoft and Google have both published articles advising against using a proxy or agent-based tool to secure their cloud suites.

API cloud security solutions use the application’s native APIs to basically become a native part of the app. This means that API-based cloud security data loss prevention tools are far better at monitoring activity within the application itself. The technology is also able to constantly update with the application itself, so that updates to the application don’t break your cloud security.

cloud dlp in action free demo

How To Prevent Data Loss

Think about how to prevent data loss like you think about how to prevent a heart attack

Think about data loss prevention like taking care of your health. To prevent yourself from having a heart attack, you eat well and exercise. You sometimes have to make decisions between spending a little more time and money on eating salad and lean protein, rather than cruising through the McDonald’s drive through. You go for a walk or a run, rather than sitting on your couch for hours and days on end. You take steps to prevent yourself from having a heart attack and, at the very least, know it’ll help speed up recovery if those measures fall short.

How to prevent data loss is very similar. You take all the reasonable and necessary precautions you can. That way, you can be confident that just about every breach scenario is covered—whether it’s unintentional or malicious. But, if a data leak does occur, you have the proper tools and procedures in place to make it a little less painful for everyone.

In 2018, the average total cost of a data breach cost companies over $7 million. That breaks down to approximately $148 per record breached. Would your business be able to weather such a cost financially? What projects or investments could you give up in order to spend the time, money, and other resources on correcting a major data breach?

Would you rather eat health and pay for a gym membership or have to get a double bypass?

No organization is too small or too altruistic to be hacked. Ponemon Institute found that attacks and data breaches on small to mid-sized businesses is increasing, and K – 12 schools and districts are also experiencing a significant increase.

Smaller organizations may not have a lot of information in terms of volume, but they’re viewed as easier targets. This is because they don’t have a lot of resources to protect themselves, and because there is a misperception that they’re too small to bother with. Sadly, for many smaller and public organizations, the data breach is the result of an internal bad actor motivated by greed or revenge.

What is Data Loss Prevention?

What is data loss prevention? It is the set of practices which keep sensitive and protected information from getting into the wrong hands.

Many go straight to thinking about data loss prevention tools, but preventing data loss is much broader than that. Preventing data loss should start with internal human error (the most common cause of data leaks!). It requires planning and documented processes from those responsible for managing your organization’s sensitive information (including information regulated and protected by the government).

Then, yes, bringing in a data loss prevention solution helps your information security team manage people’s data-handling behavior, see what risks and/or threats exist in your company’s environment, and quickly patch leaks, mitigate behavior, etc. It’s like a FitBit for your IT infrastructure!

Causes of Data Loss

As mentioned above, the most common cause of a data leak is improper internal data handling behavior. Often, these incidents are accidental but they can also be intentional bad behavior. Either way, a data leak exposes your company’s sensitive information to potential criminals and can easily lead to more problematic data loss.

But your strategy to prevent data loss needs to be as broad as the causes of loss. These are some of the biggest ones:

  • Human error. The majority of data losses directly involve someone’s mistake. Employees open sneaky email. They create easily guessed passwords and don’t guard them well. They log into lookalike websites. They walk away from computers without logging out, where unauthorized people could start using them.
  • Inadequate access control. Many organizations give out access too freely. People who only need to read data are allowed to alter it. When too many accounts have access which is too broad, data thieves will grab the chance to compromise an account.
  • Physical theft. We live in an increasingly mobile world, but mobile devices are easy to steal. If they aren’t well protected, thieves can pull volumes of valuable data from them.
  • Malware. Infected systems send confidential information to criminals until the problem is discovered. The systems keep working normally otherwise, and there’s no obvious sign anything is wrong. Sometimes they keep doing it for months before being caught.

How to Prevent Data Loss

How to prevent data loss in your information infrastructure must take all of these causes into consideration. Just like taking multiple proper precautions to stay healthy, layering data loss prevention best practices and techniques provides a much better chance of success.

There’s no such thing as absolute safety. But a good strategy will keep out anyone who isn’t both very determined and lucky—and will help your team audit and report on breach incidents and impacts.

  • Protect access to computers and mobile devices. Physical access is the simplest way for criminals to steal data. Avoid putting desktop systems where they can easily be stolen, and put proper security measures for mobile devices in place. Train employees to log out when they’re not using them.
  • Use firewalls and anti-malware software. Cyber criminals would love to get their code running on your machines so they can steal data from the inside. Use up-to-date security software on all on-premise servers and workstations.
  • Encrypt sensitive data. Thieves can’t get any value out of what they can’t decipher. Sensitive information should be encrypted in storage. Protecting it on mobile devices is vital. Everything should be encrypted, if possible, when transmitting it from one place to another.
  • Secure cloud applications. Using cloud applications, such as G Suite and Office 365 has many benefits, both financially and in terms of productivity. But cloud applications have unique cybersecurity risks that must be addressed with a cloud security solution.
  • Establish regular security training. Again, human error is the biggest cause of data loss. People trained in good security habits don’t make nearly as many mistakes. Follow up training with testing (e.g., sending an internal phishing email to see who falls for it) and make security part of the job ethic.

[CASE STUDY] How Kroenke Sports & Entertainment Prevents Data Loss >>

Data Loss Prevention is a Top Concern

It doesn’t matter if your organization is big or small. Chances are that you’re storing sensitive, personally identifiable information about customers and/or employees that is valuable to cyber criminals. Your company is legally required to secure and protect this data. But it’s also in your best interest from a financial and customer trust standpoint.

Having data loss prevention measures in place keeps your data secure, your business running, and your customers coming back for more. Don’t wait until open-heart surgery is your only option to staying on your feet. As they say, “An ounce of prevention is worth a pound of cure.”

Data Loss Prevention Free Trial CTA XL

Protect Your Empire with Data Loss Prevention for Office 365

Data loss prevention in Office 365 protects your sensitive information from rogues and nerf herders

data loss prevention office 365 death starIf the Empire had been a bit more careful with their intellectual property information, they may have been able to take control of the galaxy much faster. Instead, absence of effective data loss prevention resulted in the destruction of the Death Star. Twice.

But seriously, more than ever before, business organizations must be vigilant in guarding sensitive and confidential information. And as more companies are moving cloud-based productivity applications and data storage, the risk of falling victim to a catastrophic data breach increases.

What is data loss prevention and what kind of sensitive and confidential information are we talking about? Basically, businesses have access to two kinds of important information: personally identifiable information (or PII) and sensitive company information (which we’ll shorten to SCI). PII includes important info like a person’s social security number, date of birth, corporate passwords, etc. On the other hand, SCI could include intellectual property, financial reports, and drafts of press releases.

For a variety of reasons, it is important for business organizations to protect such data from criminals, competitors, or others that don’t have a right of access. While data loss prevention incorporates a broad spectrum of company information handling—from building security to hardware protection to firewalls to cloud security and everything in between—we’re going to take a closer look at how to secure your company’s Office 365 environment to prevent data loss.

Data Loss Prevention for Office 365

Microsoft Office 365 is among the most popular suites for business applications. If your company is using Office 365 for emailing, file sharing and/or storing information, it is important to understand how to effectively implement a data loss prevention, and how it’s different from securing on-premise Microsoft software.

In the traditional software product, IT system admins can monitor and review breaches of company policy without too much hassle. However, when an organization moves to a cloud-based (and therefore off-premise) solution like 365, IT loses sight of how sensitive files are being accessed, stored, and shared. This means that they’ve also lost some of their ability to defend against malware, phishing, and other cyber attacks in the cloud.

[CASE STUDY]: Learn How Kroenke Sports & Entertainment Gained Visibility and Control Over Office 365 >>

Doesn’t Office 365 Come With Data Loss Prevention Capabilities?

The short answer is: Yes and no. As with just about everything related to Microsoft, it gets a little complicated.

The level of data loss prevention capabilities depends on your subscription level. IT leaders in small to mid-sized companies, as well as those in education and government, will usually purchase the lower subscriptions due to budget. Many then realize that the visibility they had with Office on-premise is either gone, or will cost three times more per user per month to get.

Organizations that are able (and willing) to pay for Level 3 and above Office 365 licensing can access Microsoft’s native data loss prevention capabilities. This will include features such as:

  • Identify sensitive information in Exchange, SharePoint, and OneDrive
  • Remediate accidental sharing of sensitive information
  • User compliance notifications, tips, and education
  • Data loss prevention policy matching & false positive reports
  • Customizable data loss prevention rules & policies
  • Data loss prevention rules & policies templates
  • Incident reporting
  • Grouping & logical operators
  • Rule prioritization

Are There Other Options for Securing Office 365 Data?data loss prevention office 365 cloud security


Microsoft has created a great data loss prevention tool for their customers. If you work for a large enterprise that can afford adding it to your environment, that great! However, 3rd party tools are available that provide a lot more value, often at a more affordable price. Some advantages to choosing a 3rd party data loss prevention solution over native Office 365 data loss prevention include:

  • Ease of use. We all know and love Office, but let’s face it: it isn’t always super intuitive. Particularly when it comes to more technical, back-end products like data loss prevention. They’ve definitely spent more time developing the user interface of their far more popular products like Word, Outlook, etc. Creating rules and policies, identifying red flags and getting to the cause quickly, and pulling reports can all be made much easier and more efficient using a 3rd party data loss prevention tool.
  • Application Diversity. Using the native Office 365 data loss prevention solution only allows you to manage Microsoft-based cloud applications. So, if you have some team members using G Suite or Slack, for example, those applications will not be secured. You will either have to pretend like they just don’t exist (definitely NOT recommended) or you’ll have to get another data loss prevention solution to cover them anyway!
  • Cost. It’s been mentioned already, but it’s worth saying it again. Upgrading to a license level that includes data loss prevention for Office 365 is expensive, and simply unattainable for most SMBs, school districts, and nonprofits. The right 3rd party data loss prevention and cloud security solution can give these organizations the security they need at a price they can afford—while also saving system admins a ton of time.

[FREE] Make Sure Your Office 365 Cloud Security Settings Are Properly Configured. Download Your Free Checklist Here >>

How To Set Up Data Loss Prevention for Office 365

Whether you’re going to set up Microsoft’s native Office 365 data loss prevention tool or use a 3rd party solution, there are going to be 4 steps to take to make sure you’re securing your data properly.

Step 1: Map out your data loss prevention rules

While most solutions available will have policy templates built into the platform, it’s a good idea to sit down and document your data loss prevention rules before you get too deep into setting them up. Taking this step will help you clarify the type of information you have, where it is located, and what remediation policies to put in place in case the rules are broken. It’ll also help you clarify your thinking so you don’t leave out something important.

[FREE DOWNLOAD] Make Step 1 Easy With This Free Data Loss Prevention Mapping Template >>

Step 2: Step up policies in your data loss prevention tool

You’ll need to first “train” your solution to let it know what constitutes sensitive information and what to do with it. Many solutions will have predictive technology and/or policy templates for you to use to get started.

Since you’ve already mapped out the basics in step 1, step 2 is simply a matter of configuring the platform to do what you want. You’ll likely have some details to iron out in there as well. For example, you may need to set up exemptions for certain user groups and customize policy violation notifications.

Step 3: Run a Test

Most data loss prevention tools have a “sandbox” type environment where you can test out your new policy. Make sure you run several tests to make sure it is working the way you want it to. This simple step will save you hours of time dealing with false positives or negatives in the long run.

Step 4: Activate Office 365 Data Loss Prevention!

Once you’ve thoroughly tested your new policy, you’re ready to activate! Set it live and move on with you day.

Choosing A Data Loss Prevention Solution For Office 365 That Works For You

Choosing a data loss prevention solution for Office 365 and your other cloud applications is a critical step in securing your organization’s financial future. You don’t need to be an evil organization with an intent on subjugating a galaxy to fall victim to data breaches. Disgruntled employees and rebellious cyber criminals wreak havoc every day, causing millions of dollars in damages.

At ManagedMethods, we offer cloud application security and data loss prevention solutions that are easy to use, affordable, and (most importantly!) effective. Keep your sensitive data out of the wrong hands and avoid an explosively bad outcome. Sign up for a free 30-day trial today!

Office 365 data loss prevention check list Blog CTA XXL

What Is Data Loss Prevention?

What is data loss prevention and why does your company need it?

In many ways, data is the true global currency of our time. Companies and other organizations are now able to collect, analyze, and monetize an unfathomable amount of data. Unfortunately, criminals also have the ability to steal, use, and sell data for profit. As the number and cost of data breaches continue to rise, managers and leaders are asking: what is data loss prevention and how should we get started?

Data loss prevention is a strategy for ensuring the sensitive and protected information does not leave the company network. Tweet this!

The term is also often used to describe software and tools that help managers accomplish this goal. But data loss prevention isn’t just a tool. It’s about putting the policies, processes, and tools in place to prevent data breaches in your company.

what is data loss preventionWhat is Data Loss Prevention?

OK, so this makes sense. But what exactly is “sensitive and protected information”? Your company data can be put into two general categories: personally identifiable information and sensitive company information.

Personally identifiable information is protected by a number of government regulations. These regulations require not just security safeguards, but also compliance reporting and breach notification protocols.

Sensitive company information, on the other hand, isn’t regulated but a breach can negatively impact your company. Depending on the type of information stolen, a breach can compromise your data security infrastructure making it difficult to protect regulated personally identifiable information.

For example, if a file containing company passwords was leaked or stolen, criminals can use that information to access other areas of your information infrastructure that may contain personally identifiable information. A breach can also impact your company’s strategic advantage and financial security if intellectual property, source code, etc. are stolen and sold to competitors.

Personally identifiable information includes data such as:

  • Social security numbers
  • Passport numbers
  • Credit card numbers
  • Account numbers
  • Names, email addresses, and mailing addresses
  • Health records and information

Sensitive company information includes data such as:

  • Intellectual property
  • Files containing passwords
  • Source code
  • Draft press releases
  • Internal financial data

Data loss prevention solutions incorporate policies, processes, and tools for preventing the loss of such data to protect customers, employees, and companies from the harmful effects of stolen data.

Why Your Company Needs Data Loss Prevention

It’s no secret that data breaches are becoming more commonplace—and more costly. Data breaches can happen due to a malicious attack or simply because files were mishandled. Either way, they cause huge problems for companies and the people who are affected, including employees, customers, and shareholders.

2018 saw some of the biggest data breaches on record. You probably recall data breaches involving Marriott, T-Mobile, Facebook, Google, and Orbitz. But it’s not just the big guys that need to worry about data loss. Schools, local governments, and smaller companies get less press attention, but are still likely to fall victim to attack. Why?

These organizations don’t have the huge security budgets of the Fortune 100 class and are key targets for many cyber criminals. While the amount of data they can take from you is lower, it’s also much easier to access. This is because smaller organizations have less resources to manage information security, detect breaches, and investigate sources. Cyber criminals are finding these targets to be lucrative at a much lower risk. As a result, mid-sized businesses and K-12 schools districts, in particular, are experiencing an increase in data breaches both from external and internal threats.

Government regulations also play a role in why you need a data loss prevention solution in place. Regulations such as The Privacy Act of 1974, GDPR, HIPAA, FERPA, and more are put in place to protect consumers from the harmful impacts of a data breach. All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Island also have notification laws in place. These typically govern what constitutes a breach, who must comply with the law, and what information must be disclosed to the public.

Finally, there are the personal and financial impacts of a data breach. When you company’s data is stolen, the people who are affected have to deal with the anxiety, headaches, and financial losses of identity theft. There are also many factors that impact the financial toll that a data breach takes on the company. The Ponemon Institute 2018 Cost of a Data Breach Study reports that, on average, each lost or stolen record will cost a company $148. The study also calculates the average total cost of a data breach at $3.86 million.

How Data Loss Prevention Is Used

what is data loss prevention - sensitive informationPersonal information protection

As previously discussed, personally identifiable information (PII) is protected by several international, federal, and state regulations. If your company collects personally identifiable information, protected health information, or payment information you are most likely required to protect that sensitive data.

Data loss prevention starts by protecting this data in the first place. But, if a breach does occur, companies that use a data loss prevention platform can easily find out when the breach occurred, what files and information were impacted, and more.

Intellectual property protection

If your company owns intellectual property and/or proprietary secrets, a data breach could put its strategic advantage and financial future at risk. Intellectual property breaches can come from an external source, but can also be the act of a disgruntled employee or partner.

Data loss prevention tools can monitor user activity and detect improper or unusual behavior. Most data loss prevention solutions also allow information security teams to put customized policies and controls in place to ensure data is protected, while still be accessible to those who need it for operations, collaboration, innovation, etc.

Preventing Data Loss In Your Company

Preventing data loss starts with structuring your data loss prevention policies and processes. Then find the tools that will help you do the job. No data loss prevention platform or software will be able to protect your company without first defining the policies to rule the tool.

Processes must be put into place and your people must be trained on the importance of data loss prevention.

Many data breaches happen by accident, simply because an employee clicked on a phishing link or accidentally shared a file containing sensitive information. Do what you can to reduce the human error element in your prevention plan by defining policies and processes that people must follow when handling data.

A data loss prevention tool allows your information security team to easily monitor and protect sensitive and protected information. You’ll also need a solution that allows you to detect data breaches and stop further loss from occurring. Some tools have the ability to lock down a user account, revoke file sharing, quarantine emails and files, and more.

Data breaches can happen whether your data is stored on-site or in the cloud. Many organizations that have moved to cloud-based email and file sharing platforms such as Google G Suite and Microsoft Office 365 are vulnerable. Most don’t realize that their firewall and traditional proxy-based security solutions lack the ability to protect data stored in the cloud. Further, their IT teams lose the visibility and control over how files are being accessed and shared without a dedicated cloud security solution.

What is data loss prevention? The technical definitions are correct, but it goes beyond the terms and jargon. In the real world, data loss prevention is good governance of your customers’ and employees’ well being. It’s protecting that which we all hold most dear—our right to privacy and identity protection.


Data Loss Prevention Free Trial CTA XL

Portfolio Items