Detecting and preventing the leakage of data outside of an organisation is the true objective of Data Loss Protection (DLP). Whether the data is lost by an internal source maliciously, or whether it was by accident, DLP is seriously big business in mitigating the risk of sensitive information leaking out. The nature of DLP, it’s a process or strategy more than just a piece of software, means that if there are breakdowns in the process, data may still be lost. Here are a few ways to make that data loss more manageable when it does happen when you have a DLP strategy in place
If you’ve invested in safeguarding your company from data loss but it has still occurred, there has been some kind of breakdown, either in the strategy itself, or in how it’s implemented. It can seem overwhelming after you’ve invested a great deal of money under the assumption that DLP would work, so try employing these tips to get back on track:
1. Investigate and identify
If you can figure out how the leak happened and at what stage of the process then you can use the following steps to immediately rectify that part of the DLP chain. If not, read on.
2. Get back to basics
Where does your data reside and where is it going? Has every possible option been considered? Don’t just concentrate on cloud and endpoint based options, also consider how your data can physically be transported out of your company – through photocopies, USBs, lost devices.
3. Work with your provider
Work with your DLP solution provider to come up with solutions for these options.
4. Consider the people
A successful DLP strategy is one that involves people from all contributing parts of the company. Does part of the process need to be communicated in a creative way? Use a communications specialist. Get your management team on board to lead by example. Is it a process that is convenient and workable for all users, do they understand the guidelines? Ask for feedback and adjust.
5. Be at one with technology
Work with your provider to assess the technology you’re using, such as encryption enabling between third parties. Be sure to use the feedback from step four. For instance, are employees emailing documents to their personal email because remote access tools aren’t flexible enough for the way your business works?
6. Go forth and multiply
Be prepared to make multiple changes to your DLP strategy. It has to mold to your organization and, more importantly, the people in your organisation who don’t necessarily operate in the same way as your DLP technology does.
A loss in data having implemented a DLP strategy can be frustrating and time-consuming but it can be rectified and managed easily by implementing the above steps. It’s good to remember, also, that you should be relooking at these steps from time to time. As your business changes and grows, so too will your strategy.