Data Leak Prevention: The Top Mistakes Companies Make


Data Leak Prevention (DLP) refers to a system (or systems) that automates the monitoring of data to prevent unintended or malicious disclosure of company information. In an ideal world, businesses would have a human set of eyes on each email leaving the business to assess and decide whether there is a risk in allowing the message to reach its destination. Of course, given the sheer volume of email content that flows in and out of a business each day, having a dedicated person to monitor each message is not only impossible, its “big brother” undertones are likely enough to halt employees in their tracks from doing their work.

The good news is that DLP technology provides a much more secure and unobtrusive way to protect businesses from accidental or intentional data loss. However, with a multitude of choices on the market, uninformed, fear-based decisions are too often among the key influencing factors – and biggest mistakes – behind an organization’s choice of data leak prevention (DLP) tools and how (or whether) they are deployed.

MISTAKE: Thinking the cloud still poses too great a risk.

Businesses that have not yet embraced cloud – the ones that still hold the outdated view that on-premise solutions are more secure than cloud-based ones – often find themselves frustrated when it comes to DLP. As with many on-premise solutions, the upfront investment, followed by costly implementation and ongoing maintenance, means companies that go this route often face large capital expenditures. To make matters worse, these systems often don’t integrate well with existing solutions, including email infrastructure, which can significantly impact user adoption.

Reality: Cloud-based DLP tools are secure, robust, cost-effective and can be deployed alongside existing email infrastructure with the flexibility to span multiple sites and data jurisdictions. Data hosting location flexibility is particularly important for any company with plans to expand beyond its borders. For IT service providers, there is an enormous opportunity to help educate businesses and demystify the risks and rewards of cloud-based security.

MISTAKE: Being too fixated on prevention.

Of course, “an ounce of prevention is worth a pound of cure.” This fact is not in dispute. However, businesses that focus solely on defending their security perimeter from “attacks” often overlook an even bigger threat, namely human error and threats from the inside, as well as proper response protocols and methods for detection after a leak has happened.

Reality: Companies need to take a more holistic approach. Many data breaches (like the case of Sony) are a result of unauthorized access to sensitive information for an extended period of time without detection. Once detected, beefing up existing security won’t do anything to bring back leaked data. Along with looking at how to best strengthen a business’ security perimeters, companies should also look at solutions that extend data security and control beyond the perimeter.

For example, email encryption that works within existing email systems – so that people will actually use it – provides added protection. Also, the ability to fully revoke messages and attachments after they have been sent, as well as the capacity to control how recipients interact with messages (e.g. whether they can reply to, forward or even print the message), not only empower employees but ensure greater security. Also, real-time activity notifications, so the sender knows the moment a message is received, read or deleted, provide an auditable “trail” of what’s happening to the message.

MISTAKE: Thinking there is no risk or DLP is just for enterprises.

Some organizations, often small and medium-sized businesses (SMBs), are under the impression that they do not need any form of data leak prevention. They do not consider themselves to be at risk or a target for a data loss incident. These businesses may think that basic antivirus protection and firewalls are enough. Or, they are simply overwhelmed by the technology, where to turn for support and what to choose. Cost is also a key factor, along with the belief that they cannot afford a DLP solution.

Reality: The risk is real, and human error, not malicious intent, is often the culprit, which means every business should take measures to safeguard its data. SMBs need to look for IT service providers that offer solutions that include data leak protection as a core feature of their existing communications services such as email, IP phone, collaboration tools and file sharing.

While stand-alone security solutions are often out of reach for the SMB market because of cost and upkeep, the market is moving towards solutions with built-in security and compliance as a core feature. Cirius, for example, integrates tightly with Outlook, Office 365 and Google Chrome to provide encryption and message control directly from your existing email. It costs under $10 a month per user with no upfront costs or training required.

To find out more about Cirius’ DLP capabilities or to request a 30-day free trial for your business, visit: www.cirius.com.
