Preventing unauthorized data transmissions from entering or leaving an organization is traditionally the province...
of the information security department. However, it makes sense for business continuity (BC) professionals to be aware of data loss prevention (DLP), as it's an important BC activity that often goes unnoticed. This tip offers data loss prevention best practices to improve your organization's BC and disaster recovery (DR).
BC and DR professionals are responsible for ensuring that an organization's business processes, information systems and supporting technologies are protected and recoverable in the aftermath of a disruptive event. When conducting a risk assessment, for example, it's important to focus on internal and external threats. However, the tendency is more often to address external threats, such as hacking, phishing and denial of service attacks, given their frequency, severity and media attention.
Organizations and their reputations, competitive position and profitability could be just as easily damaged from an internal event, especially if that event involves the release of protected or secret data outside the organization. This could include customer records, engineering drawings for patented devices and any other high-risk data. Despite efforts to block unauthorized entry or egress of data, it is still possible for protected data to be released on the Internet where it can be viewed on social media and many other outlets.
Data loss prevention examples
Data loss prevention is a technique, supported by many types of technology offerings, that ensures end users do not send sensitive or critical data outside the corporate network. Preventing sensitive data from passing through a network perimeter requires software products that help a network administrator control what data end users can transfer.
DLP software is built on business rules that specify parameters by which data can be released -- or blocked -- from a network perimeter. The rules classify and protect confidential and critical data so it cannot be shared, whether intentionally or accidentally, with others. Such communications could put the organization seriously at risk.
Suppose an employee tried to forward a business email with a confidential attachment outside the network perimeter or upload a corporate file to a commercial cloud storage service. With data loss prevention best practices and DLP software in place and properly configured, the employee would not be able to accomplish those actions.
In addition to preventing the unauthorized release of confidential data, DLP systems can actively monitor and dynamically control endpoint activities. These proactive measures can help block suspicious transmissions that do not pass the business rules. They can also actively examine and filter data streams on the corporate network and protect data in motion.
There are a number of vendors that offer DLP products. The Symantec Data Loss Prevention offering, for example, extends data loss prevention to the cloud and across potential high-risk data loss channels by:
- Discovering where data is stored across cloud, mobile and on-premises environments.
- Monitoring how data is used, and whether employees are on or off the network.
- Protecting data from being leaked or stolen, no matter where it is or how it's used.
DLP best practices
As a BC and DR professional, how can you prevent data loss? Find out if DLP software is used, who is responsible for it, who sets the business rules, and who monitors and reports on its activities. Get details on any data loss incidents that were blocked, as well as those that passed through the network perimeter. Find out the impact to the organization -- if any -- of the data loss.
Check to see if the organization has a data loss prevention policy. For example, DLP policies can be a key factor in helping Exchange administrators combat internal threats. Exchange Server 2013 has features that can help administrators create and refine data loss prevention best practices and policies specific to their needs. If your organization has a DLP policy, find out who is responsible for enforcing the policy; see if you can partner with the people managing this activity and add it to your BC program initiatives. Even though the technology is likely to be managed by IT, the business process protection can be coordinated by BC.
In addition to DLP rules and policies, plus software to manage DLP activities, report incidents when they occur. Such reporting can make your organization aware of what occurred and indicate ways to take action. It may also be important for future audit scrutiny.
Data loss prevention is another way to protect businesses from potentially damaging releases of confidential data that could result in a business-threatening incident. As BC and DR professionals, abiding by data loss prevention best practices is yet another area of opportunity for you to reinforce your value to the organization.
Explore pros and cons of top data loss prevention products
Cloud data loss prevention becoming more important
Experts: Data loss prevention deployment shifting