TechTarget.com defines data loss prevention (DLP) as a strategy that ensures sensitive or critical information remains under the control of the corporate network. It also refers to software a network administrator uses to control what data end users can transfer. Data loss prevention is also known as data leak prevention, information loss prevention, and extrusion prevention.
Software classifies and protects information deemed critical and confidential. Such classification shuts off any access to data by unauthorised users. Whether accidental or malicious, data loss can have many unpleasant effects like a disclosure that puts the organisation at risk. Consider an employee forwarding a business email to contacts outside a corporate domain or pushing a corporate file to a Dropbox-like regular a cloud storage platform. Employees should be denied permission.
Data loss prevention techniques are seeing increasing adoption because of insider threats and legislation around privacy. Many of these laws come with tough data protection and access components. To monitor and control key user activity, some data loss prevention tools have the added benefit of filtering data streams on the corporate network, thus protecting data in motion.
Tips for preventing data loss
With data, prevention is always better than cure.
Concrete steps to prevent data loss include:
This is timeless advice that deserves a mention.
You never know what could go wrong.
Verify backups by getting data off the device and back to your workstations.
Drills are an absolute necessity.
Schedule one right away.
Know that so much can go wrong as you perform a complete backup and restore even though it looks easy.
Low-traffic locations are your best bet to keep computers and devices from physical damage.
You can restore systems to their original configurations if things go wrong.
Many diagnostic programmes offer this.
Operating systems do too.
Use this handy feature as often as you need to.
Power systems can often produce large power surges that computer equipment is often powerless against.
Did you know hard drive data can be erased by even low-level bursts of electricity?
Uninterrupted power supply (UPS) can protect your equipment from lightning and electrical storms.
This keeps data intact for saving and backup during an outage.
Static electricity is harmful to storage media.
Data can easily be erased and components damaged beyond hope of recovery.
The computer can have lethal effects on your data.
Keep the programmes and their virus engine database updated.
There are pieces of software on the market that can scan hard drives for issues.
Avoid any surprising issues by detecting problems early and seeking appropriate solutions.
Backups can save the day in diverse computing environments.
Techniques for mobile data loss prevention
The ubiquitous nature of mobile devices makes them a cause for concern for data loss prevention. To protect data on mobile devices, methods like dual persona technology are needed to secure corporate information. It is common for employees to lose devices or download malicious content.
This can happen with proper encryption and password protection. A lost or stolen device containing sensitive corporate information creates a serious problem. Administrators often prefer to down any potential threats by wiping the device clean of any corporate data.
Ways by which this can happen include:
1.A remote wipe using tools like Microsoft Exchange ActiveSync and IBM Notes Traveler
This wipes everything from the phone (more like a factory reset).
What if the user didn’t do regular backups as IT recommends?
This is a scenario the thief might wish for.
2. Mobile device management (MDM) system for when an employee leaves an organisation
The advantage is it wipes only corporate content, leaving the user’s personal information intact.
It does a total wipe if the user requests it.
Remote wiping is not effective. The wipe command utterly fails if the device is in airplane mode or cannot connect to a network. Uninstalling the MDM client, or deactivating Exchange or Notes Traveler account means the device will not respond to the wipe command.
Uninstalling the MDM client or cancelling the email account will cause any associated data on the device to be erased. MDM technologies prevent employees from using crude copy-and-paste functions to move information beyond approved corporate perimeters. The basic tool to handle this is called a secure container or sandbox.
It is a password-protected, software-defined region on the device that stores corporate information independent of personal files. In the event of device loss or an employee leaving the company, the secure container is wiped remotely. Any corporate data sent to the secure container becomes tagged.
It cannot be forwarded; this is another key feature of the secure container. On a final note, the secure container can also store other applications whose contents cannot be forwarded. An MDM product can include a layer of secure cloud storage to ensure there’s no question of a consumer storage service like Dropbox.
Data loss prevention on social media
One may wonder at the correlation between social media and data loss. The proliferation of social media platforms has increased access to information. This is a convenience that quickly turns sour in the realm of data loss prevention. Digital communication is easy to manipulate for anyone with ill motives. Data can be easily tampered with outside the confines of a company’s security apparatus.
The continuous evolution of social information streams makes an effective response to emerging threats difficult. Social media redefined the standards of data loss prevention in terms of ease of exposure and vastness. It is more difficult to detect any compromise in data.
ZeroFOX Research shows in this insightful report the numerous challenges and risks of data loss prevention in the realm of social media. It lists an approach with multiple layers that administrators can adapt to detect and prevent data loss within the limits of their confines.
The report highlights a synopsis of how data exfiltration can happen on social media and analysis of posts (hundreds of millions) demonstrating growing PII disclosure over two years.
It also an overview of major data exfiltrating events performed using social media over the past 7 years including social media visuals of data loss instances and how to prevent, detect, and fix them. It also recommends modern security best practices for individuals and organisations. Data loss prevention should be of grave concern to everyone. Growing interconnectedness means we must take concrete steps to educate and be educated on the perils of modern technology.