Finally, talk to your e-mail host about filtering outbound attachments. If you run your own e-mail server, dig into the manuals to figure out how to block all e-mail attachments. Third party spam and virus protection services usually have these services, so ask them.
However, never underestimate the creativity of idiots, and especially idiot users. I've seen users who can't reset their own desktop background figure out a way to send critical files via proxy servers and anonymous file transfer services. As Murphy says, the worst things happen in the weirdest ways. Wouldn't it be great if Vista's annoying User Access Control popups could be harnessed to ask users if they really meant to attach a file to an e-mail every time they tried? Next best thing is to talk to your security consultant and see what you can put in place.
A new player in the DLP world wants to bring this level of security down to mid-sized businesses. Tarique Mustafa, CEO and founder of nexTier Networks, called and told me about his company’s Compliance Enforcer line of appliances. By building its software into an appliance that can be pre-configured in many ways, nexTier's pricing starts at $30,000 for 100 users. Mustafa said it has customers with as few as 50 users, such as law firms. If you're a mid-size company, nexTier might be worth a look.
Will DLP ever be simple? No. Security is never simple. You must watch and monitor and track a thousand security issues every single day, which is hard work. But remember, the data breach you prevent may be your own.
Sign up for Computerworld eNewsletters.