Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Data loss prevention best practices

Vic Mankotia | Oct. 1, 2010
Here are eight things enterprises can do to protect their critical data from insider abuse

The creation and sharing of digital information in enterprises is continuing to accelerate. Being able to effectively and efficiently exchange this information to and from any location or person is a prerequisite for every successful company today.

However, the very same technologies, such as e-mail, Web and instant messaging (IM), that allow this collaboration between staff, customers and partners also create an enormous security risk for firms that use them. A single insider breach of sensitive data, whether inadvertent, intentional or downright malicious, can expose the company to far-reaching financial, legal and brand reputation costs.

Firms can take control of the situation by raising staff awareness about the value and proper use of sensitive information, and by learning where their valuable information is located, how and where it is being used, and the level of risk it represents.

Here are eight best practices to help enterprises prevent security breaches of Personally Identifiable Information (PII), Intellectual Property (IP), and other Non-Public Information (NPI), and mitigate risks created by unsafe or non-compliant behaviour.

1. Identify and prioritise your most vulnerable risk points

Unwanted internal and external disclosure of NPI (financial, business, HR, legal and regulatory data), PII (identity card numbers, credit card information, personal health data), and IP (patents, trademarks, design plans) can occur at many different points throughout your network.

While companies should strive to protect all potential risk points, it often makes tactical and financial sense to start by protecting the data and the mechanisms used to move this data that poses the greatest danger to the enterprise.

E-mail is the most susceptible data loss risk point for most firms, followed by removable storage devices like USB keys, iPods and laptops. Control-free Web activity is also a threat, particularly due to popular social networking and file-sharing tools like IM, Facebook and blogs.

Only after these three principal risk points have been sufficiently addressed at all important breach points should a firm move on to monitor and protect other vulnerable points.

2. Comprehensive accuracy is essential

While simple, content-based analysis uses lexicon matching to detect data loss violations, hundreds of compliant events are flagged for every identified authentic breach. With so many false positives, firms are forced to manually inspect hundreds of incidents (most of them legitimate actions), evaluate breaches post event, or relax policy. All these options significantly increase the probability of data loss by missing true violations and introducing potentially serious operational inefficiencies.

Companies need to have identity and business aware analysis techniques that can identify true violations while allowing legitimate business activity to take place. Such techniques must go beyond matching simple key words and phrases to examine content-around-content and context, while considering enterprise hierarchy and the identity of end-users involved.


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.