Data loss prevention (DLP) solutions are growing in popularity as enterprises look for ways to reduce the risk of sensitive data leaking outside the company. According to one estimate, by 2020, 90% of organizations will have implemented at least one form of integrated DLP, up from 50% in 2016. A DLP solution relies on several core technologies that enable its engine to accurately identify the sensitive data that enterprises need to secure and to take remediation action to prevent incidents.
Identify and classify sensitive data
The priority in any successful data security strategy should be to understand the sensitivity of your data and its location (in databases, the cloud, file shares, or all of the above) and then to decide whether this data requires protection and, if it does, how much. Data classification helps by first discovering the data, regardless of its location. It then sorts the data into relevant categories based on factors such as sensitivity and size, and creates policies that regulate, assign and restrict access to this data and how it can be used. Data classification can help companies immensely in meeting regulatory mandates such as PCI DSS and GDPR. It also helps protect intellectual property.
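The discover-then-bucket flow described above, as an added example that is not part of the original article or of any DLP product. The bucket names, the handling policy, the regex patterns and the mapping of findings to PCI DSS and GDPR are assumptions made for illustration; the sample documents are constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# Assumed handling policy per bucket (illustrative, not from any product).
POLICY = {
    "restricted": {"external_share": False, "encrypt_at_rest": True},
    "confidential": {"external_share": False, "encrypt_at_rest": False},
    "internal": {"external_share": True, "encrypt_at_rest": False},
}

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that cannot be valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return normalized card-number candidates that pass the Luhn check."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def classify(text):
    """Place a document in the most sensitive bucket any finding requires."""
    cards = find_card_numbers(text)
    emails = EMAIL_RE.findall(text)
    # Assumed mapping: card data falls under PCI DSS, personal email under GDPR.
    regimes = (["PCI DSS"] if cards else []) + (["GDPR"] if emails else [])
    bucket = "restricted" if cards else "confidential" if emails else "internal"
    return {"bucket": bucket, "regimes": regimes, "policy": POLICY[bucket]}

# Constructed sample documents (4111 1111 1111 1111 is a well-known test number).
SAMPLES = {
    "payment.txt": "Card 4111 1111 1111 1111 for jane.doe@example.com",
    "invoice.txt": "Invoice ref 4111-1111-1111-1112, contact ops@example.com.",
    "memo.txt": "Team lunch moved to Thursday.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

The invoice reference has the shape of a card number but fails the Luhn check, so it is not counted as card data, which is the kind of false positive a pattern-only classifier would raise.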
Understand different types of threats
Many DLP solutions cannot understand the external threats that put data at risk; they mainly focus on accidental data leakage (the insider threat). The security tools you choose must be reactive and have knowledge of external threats such as malware and brute-force attacks. High-end DLP solutions are equipped with tools that can identify external attackers who try to steal credentials and enter the network under the guise of an employee. Threat intelligence is very important in understanding the type of attack. In a scenario where an attacker compromises an admin's account, a smart and complete solution will block the admin from moving data, or at least encrypt it, based on their unusual behavior or where they have logged in from. Many security products claim to protect data but are not dynamic or contextually aware of such threats.
Safety measures for the accidental insider threat
Even with data classification and access controls in place, employees present a great risk to internal data. It is imperative for IT teams to audit employees on the level of risk that they present to company data. Some employees will present a greater risk than others. For example, employees in the finance department may make a tempting target for cybercriminals due to the lucrative data that they process. Employees with network administrator credentials, on the other hand, pose a far higher risk than those with local user access. It is important to understand which employees present a higher risk to data and then to tailor defenses accordingly. In this way, IT teams can dramatically reduce the threat associated with insiders.
Having more than one backup is always good practice. The 3-2-1 rule is the golden rule of thumb. Under this system, the company should have 3 backups of anything that is very important. It should use at least two different formats for backups, such as on a hard drive or in the cloud. An offsite backup is imperative in case there is damage to your physical office.
Encrypt sensitive data
Organizations should invest in a backup system or service that automatically encrypts all backups to ensure that sensitive data cannot be accessed by unauthorized persons under any circumstances.