Accurate analysis also involves weighting and scoring offsets to determine whether a file or message should be flagged, and considering the identities involved, such as the author of a document, the sender/recipient of an e-mail, and their roles within the organisation.
3. Insist on proven, pre-built policies
An extensive catalog of effective policies is the foundation of any data loss prevention (DLP) programme. These policies must be pre-built and tested, and effectively capture your company's best practices and business rules.
An ideal policy catalog should feature packaged, proven methodologies and blueprints that provide options to appropriately respond to violations based on who was involved, what occurred, and what was detected.
4. Protect more than just confidential and sensitive data
Besides preventing PII, IP, and NPI breaches, firms should mitigate all risks created by unsafe or non-compliant electronic behaviour. These can include offensive employee behaviour, communication not in compliance with regulatory requirements, uncontrolled financial transactions, and inappropriate handling of customer complaints.
5. Respond appropriately to each incident
Once an event has been determined to be a violation, a system should be in place to let the organisation respond in real time with the appropriate action, such as blocking, quarantining, warning, encrypting, or informing, and then provide suitable steps for immediate remediation.
Each response should be gauged specifically to the type and severity of the violation, in particular by considering who is involved.
Other appropriate responses include redirecting a user to an informative webpage on company security policy, providing procedural support to complete the task at hand, classifying the relevant message or file, updating an incident dashboard and silently capturing problematic activity.
6. Optimise your incident response process
Half of the battle in data loss prevention is detecting real information leaks while minimising false positive detections. The other half is efficiently and decisively resolving suspected breaches as close to the incident as possible. To achieve this without impeding business workflow, firms need a complete, automated and fully customisable remediation application that helps supervisors and administrators review, audit, escalate, annotate, report, and resolve problematic activity.
7. End-user education and self-remediation
An effective DLP solution must interact with staff so that they understand why a given activity is inappropriate and learn how to self-correct and avoid potential future breaches. Appropriate interaction with employees at the right time ensures that security and other policies will be top of mind for them, maximising their data loss awareness.
Besides reinforcing correct behaviour, ongoing education also deters malicious users, as they know their actions are being observed.
8. Implement a flexible architecture
A DLP solution based on a set of modular, distributed, data-analysing components lets firms immediately and cost-effectively address their most pressing requirements while being able to add new controls as their needs change. A modular approach will ensure speedy deployment, eliminate single points of failure, and easily scale to protect 500 or 500,000 employees.