In 2017, it was found that only 35% of companies in the United States had implemented solutions for data loss prevention (DLP). While external threats or attacks on large organizations such as the InterContinental Hotel Group and the U.S. Air Force are widely reported, data loss is actually much more extensive than this and affects both large corporations and small to medium-sized businesses. As doing business becomes increasingly digitized, DLP is now essential for all companies to implement. Here are 5 best practices to follow in 2018 that will lead to DLP success:
- Create a deployment strategy for all types of data
Sometimes it’s easiest to think of the data that your company holds in three ways – data in motion, data in use, data in store. Data in motion is fairly self-explanatory and involves any data that is in transit on the wire. Data in use is files that are open and could be breached through a portable device such as a USB drive. Data in store is the data that sits on file servers. Each of these needs a slightly different approach. For instance, a system that crawls is great for assessing a storage server but won’t work quite as well for data that’s already in transit.
- Create a document classification matrix
Keep it simple and pick three to five classifications – with the most sensitive data such as financial information and intellectual property being classification one and data that is public information being classification five. Go through and input the types of files that your company holds into this matrix, and most importantly, identify why you’re doing it. These key features of files will help with your DLP strategy in general.
- Communicate thoroughly to employees
Effective communication involves responsibility, ownership, training and buy-in. Buy-in can be gained at any level by thoroughly explaining the purpose of a DLP strategy and the risks involved. Letting your employees know that you take the work they do seriously and that you’re open to suggestions is essential in creating a well-run, open environment for a DLP plan to be effective.
At the management level, thorough training on the processes and procedures, along with making sure that everyone clearly knows their area of responsibility, is important to ensure that policies filter down to all employees. This includes the repercussions when policies are not followed carefully.
- Identify what the risk response process will be
This involves not only the management body, but also IT and communications teams. If things really do go wrong, it’s essential that everyone knows what their role is before it happens. Ensure that you set expectations carefully – things aren’t necessarily going to go wrong during office hours.
- Carry out a gap analysis regularly
When you first implement a DLP solution, figure out what an acceptable level of risk looks like for your company. Your document classification matrix will help with this. Have your IT team regularly carry out a gap analysis where they compare the current risk level for data loss with the acceptable risk level. Have your executives review this reporting and decide, as a team, on changes to policy, such as additional rules, processes and training.
The rate of internal data loss is drastically increasing, largely due to the increasing number of digitized files and the reluctance of employers to see the need for a DLP solution. When you see modern businesses losing important files through simple means, such as unencrypted emails, it’s clear that DLP needs to be taken more seriously. We’re going to see more high-profile data loss incidents in 2018, so ensure that you follow these best practices to protect your company as we navigate the changes that the digital age brings.