In an age where sensitive information lives in clouds and on endpoints, instead of behind lock and key, Data Loss Prevention has become big business. That infamous saying ‘at the click of a button’ now has to be a carefully monitored click to ensure that critical information isn’t shared with the outside world, either maliciously or by sheer human error. DLP can be a confusing area of the technology industry, not to be confused with its anti-virus counterparts, so we’re here to debunk some of the most common misconceptions people have around DLP:
The threat is from the outside
The ‘which is worse’ debate is hotly contested between inside vs outside threats, with the likes of Intel suggesting that internal actors were responsible for 43% of a company’s data loss, with half of this activity considered malicious and half accidental. Regardless of which statistical report you believe, internal threats make up a huge amount of a company’s data loss, particularly as internal actors have greater access to this data. They shouldn’t be ignored in order to focus on outside threats, which are often perceived as more dangerous.
Outside threats have held huge significance in our lives over the years – of any technological breach, outside threats are the ones that take up the most space in our news media, and in what we absorb from the internet. Because of this, some companies approach DLP from an ‘outside threat perspective.’ That is, they talk in the language of patches, firewalls and anti-malware. DLP needs a different approach because it is not a piece of software. The exciting thing about DLP is that it is an all-encompassing, working strategy fitted to your company, rather than an out-of-the-box, download-it-and-hope-it-works software solution.
Call the IT department
Similar to our last point, there can be a misconception around who should be running a DLP strategy within a company. While DLP incorporates many technological elements, thinking that it should be an IT responsibility is along the same lines as treating DLP as if it were simply software. To truly get the most out of a DLP strategy, it needs buy-in from all corners of the company. The threat is from the inside; therefore, all those on the inside must be on board with minimizing it in order for the strategy to work. How to do it? Delegate each responsibility to the relevant skill set. Certainly pass the specific technological aspects over to the IT team, but also think of creative ways that leaders and communications specialists can communicate direction and action points to all staff.
At some point in our careers, we have all found the dreaded words ‘new strategy’ to be synonymous with ‘new admin’. It’s a common misconception that Data Loss Prevention will be time-consuming and add unnecessary frustration to a staff member’s already busy day. It’s crucial that we debunk this one, as it is what will inevitably derail that buy-in from all staff members. DLP has been in the marketplace for a significant enough amount of time that its systems and protocols are fine-tuned and highly personalised. Professionals can look at a company and tailor a solution that’s convenient and efficient, requiring authorization only where it is needed. The key to this is, of course, how the DLP strategy is implemented at the start. If policies clearly outline the levels of authorization, this clears up any risk of blanket rules applying across companies and slowing things down.
Too big to handle
For many small companies, DLP can seem overwhelming and the question is often raised as to whether it is really necessary for a small business to implement. The risk of data loss applies to all companies, big or small, so the question should be framed more around how sensitive the information is and how catastrophic it would be, should it be leaked. If the risk is high enough for either, then DLP shouldn’t be considered a solution that is too large for a small company. Because DLP is a series of policies and protocols, as well as the technological aspect, it can be applied incrementally. What is the area of a company that is most at risk? Set up DLP procedures around that data only and move on to the next important set of documents when you can.
While none of us want to believe that the employees who work for us, or alongside us, are capable of maliciously leaking sensitive data, the reality is that they are, just as they are capable of leaking it by accident. The Data Loss Protection marketplace looks to combat this with a holistic approach that involves more than just software and IT teams – it’s a company-wide program whose ownership lies firmly in the hands of the people who use it, not the technology itself.