In many ways, data is the true global currency of our time. Companies and other organizations are now able to collect, analyze, and monetize an unfathomable amount of data. Unfortunately, criminals also have the ability to steal, use, and sell data for profit. As the number and cost of data breaches continue to rise, managers and leaders are asking: what is data loss prevention and how should we get started?
Data loss prevention is a strategy for ensuring that sensitive and protected information does not leave the company network.
The term is also often used to describe software and tools that help managers accomplish this goal. But data loss prevention isn’t just a tool. It’s about putting the policies, processes, and tools in place to prevent data breaches in your company.
OK, so this makes sense. But what exactly is “sensitive and protected information”? Your company data can be put into two general categories: personally identifiable information and sensitive company information.
Personally identifiable information is protected by a number of government regulations. These regulations require not just security safeguards, but also compliance reporting and breach notification protocols.
Sensitive company information, on the other hand, isn’t regulated, but a breach can negatively impact your company. Depending on the type of information stolen, a breach can compromise your data security infrastructure, making it difficult to protect regulated personally identifiable information.
For example, if a file containing company passwords is leaked or stolen, criminals can use that information to access other areas of your information infrastructure that may contain personally identifiable information. A breach can also impact your company’s strategic advantage and financial security if intellectual property, source code, etc. are stolen and sold to competitors.
Personally identifiable information includes data such as:
Sensitive company information includes data such as:
Data loss prevention solutions incorporate policies, processes, and tools for preventing the loss of such data to protect customers, employees, and companies from the harmful effects of stolen data.
It’s no secret that data breaches are becoming more commonplace—and more costly. Data breaches can happen due to a malicious attack or simply because files were mishandled. Either way, they cause huge problems for companies and the people who are affected, including employees, customers, and shareholders.
2018 saw some of the biggest data breaches on record. You probably recall data breaches involving Marriott, T-Mobile, Facebook, Google, and Orbitz. But it’s not just the big guys that need to worry about data loss. Schools, local governments, and smaller companies get less press attention, but are still likely to fall victim to attack. Why?
These organizations don’t have the huge security budgets of the Fortune 100 class and are key targets for many cyber criminals. While the amount of data they can take from you is lower, it’s also much easier to access. This is because smaller organizations have fewer resources to manage information security, detect breaches, and investigate sources. Cyber criminals are finding these targets to be lucrative at a much lower risk. As a result, mid-sized businesses and K-12 school districts, in particular, are experiencing an increase in data breaches both from external and internal threats.
Government regulations also play a role in why you need a data loss prevention solution in place. Regulations such as The Privacy Act of 1974, GDPR, HIPAA, FERPA, and more are put in place to protect consumers from the harmful impacts of a data breach. All 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands also have notification laws in place. These typically govern what constitutes a breach, who must comply with the law, and what information must be disclosed to the public.
Finally, there are the personal and financial impacts of a data breach. When your company’s data is stolen, the people who are affected have to deal with the anxiety, headaches, and financial losses of identity theft. There are also many factors that impact the financial toll that a data breach takes on the company. The Ponemon Institute 2018 Cost of a Data Breach Study reports that, on average, each lost or stolen record will cost a company $148. The study also calculates the average total cost of a data breach at $3.86 million.
Personal information protection
As previously discussed, personally identifiable information (PII) is protected by several international, federal, and state regulations. If your company collects personally identifiable information, protected health information, or payment information, you are most likely required to protect that sensitive data.
Data loss prevention starts by protecting this data in the first place. But, if a breach does occur, companies that use a data loss prevention platform can easily find out when the breach occurred, what files and information were impacted, and more.
Intellectual property protection
If your company owns intellectual property and/or proprietary secrets, a data breach could put its strategic advantage and financial future at risk. Intellectual property breaches can come from an external source, but can also be the act of a disgruntled employee or partner.
Data loss prevention tools can monitor user activity and detect improper or unusual behavior. Most data loss prevention solutions also allow information security teams to put customized policies and controls in place to ensure data is protected, while still being accessible to those who need it for operations, collaboration, innovation, etc.
Preventing data loss starts with structuring your data loss prevention policies and processes. Then find the tools that will help you do the job. No data loss prevention platform or software will be able to protect your company without first defining the policies to rule the tool.
Processes must be put into place and your people must be trained on the importance of data loss prevention.
Many data breaches happen by accident, simply because an employee clicked on a phishing link or accidentally shared a file containing sensitive information. Do what you can to reduce the human error element in your prevention plan by defining policies and processes that people must follow when handling data.
A data loss prevention tool allows your information security team to easily monitor and protect sensitive and protected information. You’ll also need a solution that allows you to detect data breaches and stop further loss from occurring. Some tools have the ability to lock down a user account, revoke file sharing, quarantine emails and files, and more.
Data breaches can happen whether your data is stored on-site or in the cloud. Many organizations that have moved to cloud-based email and file sharing platforms such as Google G Suite and Microsoft Office 365 are vulnerable. Most don’t realize that their firewall and traditional proxy-based security solutions lack the ability to protect data stored in the cloud. Further, their IT teams lose the visibility and control over how files are being accessed and shared without a dedicated cloud security solution.
What is data loss prevention? The technical definitions are correct, but it goes beyond the terms and jargon. In the real world, data loss prevention is good governance of your customers’ and employees’ well-being. It’s protecting that which we all hold most dear—our right to privacy and identity protection.