Author Archives: Ratika Garg

Zecurion Announces Partnership with Dataguard Middle East

Partnership Enables Zecurion to Deliver Data Loss Prevention Solutions in the UAE and Other Middle East Countries

New York, August 18, 2017 — Zecurion, a major vendor for data loss prevention (DLP) solutions, today announced that it has signed a distribution agreement with Dataguard Middle East, one of the fastest growing distributors and IT service providers across the Middle East. The agreement is Zecurion’s first direct distribution agreement in the Middle East and forms part of the company’s strategy to focus on innovation and investment in its partner ecosystem. The partnership will enable Zecurion to expand its global footprint in the UAE and other Middle East countries.

The partnership is one of the many steps that Zecurion plans to take to build on its regional growth strategy and follows Zecurion’s recent recognition by Gartner in its Magic Quadrant for Enterprise DLP 2017.

“We are very excited about our new partnership with Dataguard Middle East. With their experience as a distributor of DLP solutions, knowledge of the enterprise security market, as well as their network of channel partners, we are all set to expand in this region,” said Alexey Raevsky, CEO of Zecurion.

Dataguard Middle East will distribute the complete range of Zecurion DLP solutions including Zlock, Zgate, Zdiscovery and Zserver. In addition, Dataguard will provide managed services to customers that are looking to deploy Zecurion DLP solutions in the cloud.

Rishan Ahmed, Product Consultant at Dataguard Middle East, said, “the partnership with Zecurion will greatly benefit our resellers, system integrators and customers through easier availability of leading enterprise DLP solutions at mid-market prices, greater collaboration for channel training and enablement, channel marketing support, and technical support from the team in Moscow and New York – all being key components of the relationship.”

He also added, “We are adding Zecurion’s superior DLP technology to our portfolio of security solutions. The partnership will enable our channel network to offer the most technologically comprehensive enterprise DLP solutions, as well as equip them with the right training and tools required for success in this highly competitive market. This is a significant development in the Middle East data security market and represents a refreshing opportunity to our partners in this sector.”

The distribution agreement is effective as of August 14, 2017, with immediate benefits to partners and customers.

For more information about Zecurion or this partnership, please call +1 866 581 0999.

About Zecurion

Zecurion is a global innovator and leader in security solutions that reduce risk by addressing internal threats. Founded in 2001, Zecurion has successfully developed and implemented security solutions providing proven and reliable protection against leaks for more than 10,000 companies around the world. The company’s solutions provide comprehensive protection against the leakage of information throughout the course of its life cycle – from creation and recording to archiving and deletion. Zecurion was recognized by Gartner in the 2014, 2016 and 2017 Magic Quadrant for Enterprise Data Loss Prevention. It has also received recognition through the prestigious Golden Bridge Awards and Network Products Guide, as well as consistently being ranked highest among developers of DLP analytics by CNews. Additional information is available at http://www.zecurion.com.

Zecurion and the Zecurion logo are trademarks of Zecurion.

About Dataguard Middle East

Dataguard is one of the fastest growing IT service providers and true value-added distributors across the Middle East, with solutions designed in collaboration with world-class vendors that deliver high quality and security.

Dataguard’s mission is to provide presales/post-sales support to all partners and customers, onsite as well as offsite through a remote support center that provides high-quality technical services. The company values providing uncompromised security on data, systems and networks.

Additional information is available at http://www.dataguard-me.com.

 

Analyst and Media Contact:

Ratika Garg

Director – Marketing & Channel Enablement, Zecurion

+1 (240) 449 6818

Ratika.garg@zecurion.com

 

The Top Data Breaches in 2017 – And It’s Only August

Since January 1 2017, there have been approximately 156,000 data records breached where the disclosure was unintentional or a malicious breach from an insider. These are breaches in all industries, to all kinds of individuals, and all sizes of companies. To put it in perspective, that’s roughly 867 records breached every day, or nearly two records every three minutes. We’ve rounded up the top data breaches for the first half of 2017. Prepare to be unsettled.

Registered voters in America
198,000,000 Americans registered to vote had their personal information exposed in late June this year. The firm responsible, a Republican data analysis company, Deep Roots Analytics, has taken full responsibility for the situation. Included in the breach was basic information such as voter’s first and last names, birth dates, home and mailing addresses, phone numbers, registered party, self-reported racial demographic and voter registration status. Alarmingly, a voter’s likely stance on abortion, gun control, stem cell research and environmental issues was also part of the breach. Fortunately, it appears that only a single Cyber Risk Analyst from another company was able to access the 1.1 terabytes of entirely unsecured data and was able to alert authorities in time.

Educational records at the University of Oklahoma
Also in June, the University of Oklahoma has been found to have violated federal law with their lax privacy settings across their campus file-sharing network. 29,000 educational records were accessed by email users on the system. These records included social security numbers, financial aid information and grades in records dating to at least 2002. The files have now been safeguarded but each breach could constitute a violation of the Family Educational Rights and Privacy Act.

Email addresses of US corporates
Just under 33.7 million unique email addresses were leaked in March this year. The company responsible, Dunn & Bradstreet, is a business services company so, at 30 million, the records represented a large chunk of the United States corporate population. This is the data that can be bought and sold – it’s unknown what the market rate would be, but it is reported that it can cost up to $200,000 to access just half a million records. The largest organizations affected include the Department of Defense, other armed forces, AT&T, Boeing, and the United States Postal Service. Interestingly, it remains unknown how the breach occurred, other than it was internal, although Dunn & Bradstreet stated it was not released through one of their systems.

Thankfully, many of these data breaches were eventually picked up by security companies monitoring for data exposure before the data could get into the wrong hands. While these are three of the most significant data breaches to happen this year, there are tens of thousands more where companies have had their data exposed through internal sources, either with malicious intent or by total accident. Companies that lose data through their own negligence, or lack of correct privacy procedures, can face legal action and be forced to pay damages to the individual’s affected. A data loss protection strategy is essential for a company of any size. It protects the individuals whose data is owned by the company, and it helps protect the company from the ramifications of any internal losses.

How to Use Prioritization to Enhance Your Data Security

Data loss prevention and data security can sometimes feel like a daunting and money draining task, particularly for SMBs. But cyberattacks and loss of data can be some of the biggest risks an organization can face in this modern-day climate. Companies don’t need to be big-name enterprises with large IT departments in order to operate as a top-performer in data loss prevention. When it comes to protecting companies and individuals from data loss, prioritization of data protection is key to successfully managing security, while still operating a well-running company.

  1. Knowledge is power

There are many studies that suggest that around one third of all companies lack sufficient policies for data encryption, classification and security. Knowing the risk and how your company might be affected is the first step towards data security.

  1. Consider the options

What is actually realistic for your business? While it is tempting to get caught up in the sophistication and benefits that some of these security systems hold, it’s important to prioritize what your company really needs for full protection. Extra benefits are nice-to-haves, and most security companies will scale plans up and down, so these can easily be considered once a working plan is in place.

  1. Learn about your company’s data

Back to the first point, knowledge is power – in order to be able to optimally prioritize data for security purposes, you need to know about your company’s data. What it does, who uses it, and how it moves around your computer systems. Depending on the size of your company, there are some mapping tools that can be put into place to assess this but you should also be looking for a general feel. In addition to the sophisticated software that’s out there, there’s an element of common sense to data security – if you think data could escape a particular route, it probably can.

  1. Top down data prioritization

Once you know the ins and outs of your company’s data, it’s important that you begin to assess the risk that a breach in data security poses for the different kind of files your company possesses. The higher the risk, the more priority needs to be given to ensuring that the data security around those files is impeccable.

  1. Balance it out

Bear in mind that often the more security and process you place around data, the more administration you are placing on your employees. Policies and verification processes all take time, and this adds up if it is manual time on each and every file the employee is using. Consider the effect that the loss of a particular piece of data will have on your company if it is released from your secure system. If the consequences are not high, and it’s much more effective for your business to run efficiently without cumbersome processes around those files, then go with that.

Prioritizing the kind of security that you employ to protect your company, and how you implement it, can sometimes mean the difference between being able to install security and data loss prevention plans in your company, or becoming like the one-third of businesses that have not done so. With these simple techniques, you should be able to efficiently breakdown and prioritize how to effectively go about protecting your company through data security.

Why a Data Breach Could Change Your Life – And What to Do About It

data loss preventionThe sensitive information of individuals is big business in the criminal world. An individual’s medical record can collect up to $50 on the black market, 50x that of a credit card record, and that’s before money has been elicited by using the record itself. Data breaches aren’t just confined to medical and financial though, in the modern world we are seeing trade secrets, intellectual property and other identification information being viewed or stolen by unauthorized individuals. Data breaches can dramatically affect your life, both as an individual citizen, but also as an employee or business owner. Fortunately though, there are ways to protect yourself.

Getting down to business

From a business perspective, data breach can be hugely damaging, to a company’s reputation as a whole as well as the consequences of what that data breach will bring. Particularly for companies that trade in knowledge sectors, data breaches can have hugely impactful and long-lasting effects if intellectual property or trade secrets are obtained by an unauthorized source. Companies have seen their long-term earning capacity significantly reduced, or even wiped out, from data breaches.

While the media generally highlights data breaches that happen on a mass scale to large and well-known brands, it is small to medium enterprises that can be hit hugely as their technology and processes are often not strong enough. Some studies suggest that almost 30% of SMEs have no plans in place to deal with security threats.

How to turn things around

A data breach response plan is crucial to maintaining the safety of your business. Sometimes it’s helpful to think about the digital risk of a data breach in the same way as a physical risk to your company, such as fire or theft. No company would operate without basic policies around high-risk areas, and data breach should be considered in this group.

A good data loss protection plan and state-of-the-art security will equip your company with the right tools and software to protect against ransomware, and inadvertent loss of data. But a truly great data loss protection plan is one that pre-empts the catastrophe by ensuring that all employees understand the level of risk associated with a data breach and are committed to putting in place best data loss protection practice in order to minimize the risk.

On an individual level

Whether you’re a business that holds sensitive information regarding individuals, or from an individual perspective, it is important to know the risks associated with having your personal data compromised. Of course, the consequences of stolen financial and medical records are fairly evident, but with the rise of sophisticated ransomware and malware techniques, criminals can embed themselves on your computer and commit serious crimes identity theft that you may not even be covered by in your insurance.

What to do about it

Firstly, look into how you’re currently protected on an insurance and a digital level and make the appropriate changes. Contact your bank and talk about options to protect your credit card online and fully understand their policies if your details are compromised. Shop around – protection isn’t standardized and different financial companies will offer different types of protection. That goes for your medical insurance also, contact your provider and get a clear understanding of what will happen if there is some kind of breach.

Then it’s time to look into your cybersecurity. Cyber criminals have gone from strength to strength in recent years so it is imperative to update your security and ensure the settings don’t ever have it sitting in an idle state. It’s also an excellent idea to look into password storage facilities like LastPass that enable you to have a different password on websites, particularly those you are sharing sensitive information with. Opt for a two-step verification process on any website that has it and use different security questions on different websites, where they are offered.

Data breach can have far-reaching and long-lasting effects on both individuals and companies. Put simply, the only way to combat this kind of criminal activity, as a citizen and as an SME or SMB, is through protection. For businesses, this involves a strategic data loss protection plan, as well as a crisis management plan if the worst happens and sensitive information, particularly that of individuals, gets into the wrong hands. For both businesses and individuals, computer security and prevention techniques when it comes to websites where your data could be compromised, are essential to mitigating the life-changing risk of a data breach.

Healthcare Industry Data Loss Problems – And Their Easy Solutions

According to a report by the Ponemon Institute, nearly 90% of healthcare organizations suffer data breaches. Internal threats such as mistakes—unintentional employee actions, stolen computing devices—account for nearly half of the data breaches. This statistic certainly serves to show the staggering problems around data loss in the healthcare industry. While the scale of the problem, and therefore the solutions to it, may seem incredibly vast, there are actually strategies healthcare organizations should be implementing in order to combat this high-risk situation.

Why is theft, or loss with malicious intent, so high?

Firstly, medical records can fetch up to 50 times that of credit card records on the black market. While that may seem far-fetched, it’s surprisingly not, given the amount of credibility medical records hold when it comes to identification. Criminals can easily use medical records to fraudulently bill insurance companies, obtain prescription medicine, in addition to other identity theft practices.

The move to digital and the losses that come with it

The digitization of medical records has been seen as a long overdue step by the medical community to reduce mounting hospital administration and provide patients with more reliable diagnoses and care. Proper due diligence isn’t being paid when it comes to data loss protection for a variety of reasons, budgeting, outdated technology and lack of knowledge among them. As a result, breaches into healthcare systems are becoming more and more commonplace, particularly as online criminals become more skillful, as well as hospital staff accidentally releasing sensitive patient information.

The problem areas

Data loss is considered to be one of the most commonplace ways for healthcare organizations to lose a patient’s medical files. The main problem areas include criminal attack, a stolen computing device, unintentional employee action and technical glitches in the system.

The root problem

At the root of these problems are outdated legacy systems and medical devices and poor training in data loss protection. Healthcare organizations have an extremely unique set of challenges when it comes to digitized information. Particularly for hospitals, the scale at which they work, is huge. The number of individuals who have files stored on their systems, as well as the number of medical professionals who are not highly skilled in computer literacy, is vast. Combine this with computer systems that need updating and a lack of budget to do so, and it is easy to see why data loss is so prevalent in the healthcare industry.

The solution

The solution to the problem can be simplified into two parts – update computer systems so that strong security measures can be put in place, and implement a data loss prevention strategy across the organization. The first solution requires budget, but it is imperative that this is prioritized. Ransomware and malware are becoming an increasingly prevalent, malicious, and ruthless way of obtaining data. Trends suggest that it will become even more of an issue in coming years and the only way to combat it is through state of the art security measures.

A data loss prevention strategy, while still costly, especially if implementing on a large scale, is more of an upfront cost and a slow burn investment. For healthcare organizations, a data loss prevention strategy is an incredibly cost-effective way to protect against data loss as much of it involves staff onboarding and communication in order to make it work. Of course, software systems need to be installed to protect files, but much of the hard work comes from ensuring that all staff understand what they need to be doing in order to avoid the inadvertent leakage of sensitive information.

With just a quick online search, you can see the mounting concern about protecting patient data in the healthcare industry, and the ever-growing and alarming statistics about how much data is currently being compromised. Healthcare organizations need to reprioritize budget in order to implement easy and effective solutions like state-of-the-art security, and a data loss prevention strategy that has buy-in from staff working both in hospitals and medical centers on network devices, and remotely on mobile.

Five Steps to Better Data Loss Prevention

Data Loss Prevention (DLP) protects companies against the loss of sensitive data. In the world of data, everything has increased. IT and cloud based software and apps, cyberattacks and increased mobile usage of employees are just some of the ways that confidential data can escape from a company. A relevant and working DLP strategy is key to preventing this from happening, or managing it in the most effective way possible, so we’ve put together five steps to better protect data.

Protect data in all locations

We mentioned mobility because it is one of the areas that even a great DLP strategy can completely fall over on. While a company might have fantastic Data Loss Prevention within its corporate LAN, this no longer serves as a contained endpoint for data loss. With mobile and cloud-based software usage at its current rates, data needs to be protected wherever it is. Additionally, look at finding an offsite server to backup your company’s data in case of an emergency breach through a natural disaster, crash or cyberattack. Having your data held in more than one physical location serves as an additional protection mechanism.

Prioritize the important stuff

DLP’s main role is the protection of sensitive data. There has to be a balance in companies between allowing file sharing to go relatively unhindered in order to boost productivity, and creating systems that prevent those files from being lost. This is generally done by choosing which of those files would be most detrimental to lose, for instance, intellectual property or financial records. This gives you somewhere to start and means that a DLP system won’t lower productivity for files whose public release would not be at all catastrophic.

Get to know your data

Monitor and track the regular movement of your data. This is particularly useful for picking up when there are internal threats in general, but mainly it makes it clearly visible where your sensitive data is going, and what threats it might face along the way. Doing this ensures that you are across what is happening with your data, and therefore will be able to ensure that the DLP strategy you apply will work for your company.

Ongoing help

Realize that a plan to prevent data loss is not a one-off investment of money, time and resource. Data loss involves, people, IT, and the web, all of which are constantly changing. Your DLP plan needs to constantly change and mature also. Engage with security solutions specialists to amend and rework all parts of the strategy, and then look internally to ensure that staff are receiving the guidance that they need – and that the strategy actually works for them and the way the work.

Incremental change

Much like the strategy itself, which constantly needs to rework and change, so too will your employees as they will be integral to ensuring the strategy’s success. Running a pilot that protects only the most sensitive data is a way to safeguard yourself against purchasing an incredibly comprehensive DLP strategy that doesn’t operate quite in the way it should. It’s only by testing it out in an incremental way, monitoring the data movement, as well as how employees are using the policies, systems and plans, that you’ll be able to ascertain whether that system is right for the business.

IT security no longer lies just with anti-malware or virus software. The significant advances in IT have brought with them substantial amounts of information and knowledge sharing through data. While this has seen a momentous boost in productivity, knowledge, and ideas for many companies, it has also increased the risk of important information getting into the wrong hands. Data Loss Prevention is an essential part of any company’s security policy and, with these five steps, you will be able to achieve a strategy and a plan that works for your company.

Data Loss Disasters: Are You Covered In An Emergency?

data loss preventionThe dreaded crash, the blue screen, or the security breach, brings on a familiar feeling of terror to every computer user. For small to medium sized businesses who are increasingly relying on software and cloud-based solutions to boost their company’s productivity, the stakes are much higher when this happens. The issue with the increase in IT solutions is that this also needs to be coupled with an increase in data security, particularly in the case of an emergency, and this doesn’t seem to be happening with SMBs. According to The National Archives & Records Administration in Washington, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

While this covers all data loss, and not just internal threats such as accidental or malicious leaking, it is still a startling figure and one that can be easily addressed with a Data Loss Prevention (DLP) strategy. Any good plan should always incorporate an emergency scenario and that is what we will be discussing today, how to cover yourself in a data loss emergency.

Clear communication
This should be one of the most important features of any emergency response plan. When things go wrong people panic, people try to cover up and people inevitably do not take the most rational and responsible course of action. By ensuring that your emergency DLP plan is simple and succinct, and is clearly communicated to all staff in a way that they can easily action, you’ll help to ensure that employees take the right action.

Back it up
Knowing the risks is the first step to appreciating just how important data backup is. There are the ‘real life’ physical threats such as vandalism, fires and floods, and even power surges which affect thousands of computers every year. Then, of course, there are the not so physical threats such as cyberattacks and ransomware. With so many ways for an emergency data loss to occur, backing up files is crucial to prevent data loss in these situations, and always the easiest solution if it does occur.

Backup again. And again
Automate the backup to ensure that nothing goes to chance and that it occurs on a regular basis. Then find a separate server in an off-site location that will prevent data loss if your entire internal system is compromised. Again, it’s always easier to be able to recover the data from a backup, than from a crash.

Decent security
Your emergency response plan should employ or align with security professionals, largely to prevent the ever-present threat of cyberattack. Security professionals will be able to continually change multi-layer encryption and changing algorithms as part of their prevention plan, but they will also need to constantly update and review the emergency routine as part of this.

Given that most of us have experienced a computer crash in our lifetimes, we all know that emergencies happen. With the increasing threat of cyberattack, these emergencies are now much more widespread than ever before. By treating emergency data loss like it’s a reality, you’ll be able to create an environment where data is sufficiently backed up, and where an emergency response plan is as up to date and impenetrable as possible, and clearly communicated to staff so that it actually works.

Mobility and Security: What You Need to Know

The increase in mobile usage for work-purposes is a mutually beneficial development for businesses. It allows employees more flexibility and agility, both professionally and personally. And, in turn, this results in companies being able to reach their strategic goals in an effective way. The problem that businesses are facing with this increase in mobility, is that it inevitably means an increase in endpoints that a Data Loss Prevention (DLP) system has to cover. With roughly 90% of Americans now owning cellphones, many of which are brought into the workplace and even used for work in companies with BYOD (bring your own device) policies, it is essential to know what you should be doing to keep your files secure.

The risk
The risk is, of course, that increase in endpoints from mobile devices, wireless networks, and other mobile and cloud computing services. This creates an environment with no boundaries, unlike the in-office environment that DLP strategies generally cater for.

What exists currently
Mobile policies for companies tend to vary wildly from organization to organization, meaning there are no standard guidelines to follow. Many companies hope that their employees will follow their mobile policy when it comes to the sharing of confidential files on mobile. However, a policy is not a preventative strategy in the same way that a comprehensive DLP strategy is. It relies on a certain level of faith, and, given the level of work activity, and the level of access to work files, on mobile, this completely reduces the effectiveness of the entire DLP strategy.

What do companies do
Many companies avoid invasive software and protocols for mobile devices, often down to privacy issues, especially with BYOD workplaces, and device compatibility. Data Loss Prevention is normally not employed on mobile, so that comprehensive range of solutions for in-office, is not available for mobile in the same way.  Therefore, workplaces find themselves in a situation where employees can get around DLP protocols and send sensitive information to their phones and onto cloud sharing platforms at just the swipe of a button.

In some cases, employees are actually more likely to compromise confidential information by leaking or sharing it when they are out of the office, and therefore perceive themselves as less likely to be physically caught.

Some companies use Virtual Private Networks (VPNs) and Cloud Access Security Brokers (CASBs) to assist in reducing the risk, but there are major concerns with both. VPNs don’t have any control over interfaces that companies are increasingly starting to move towards such as Software as a Service (SaaS) apps like Salesforce, and Office 365. CASBs appear to get around this by allowing control over SaaS apps, however they offer very limited DLP capabilities, rendering them not a viable solution at all for most companies serious about DLP.

The solution
So, how do companies extend their security to the mobile arena? You don’t want to prohibit the easy sharing and transfer of content that enables your employees to work on the go, so generally it is best to place the focus specifically on prohibiting the transfer of the sensitive information you cannot have released:

  • Place a watermark on confidential content
  • Block screen captures and clipboard functions for sensitive information
  • Prevent download of sensitive files to mobile
  • Multi-factor authentication for apps
  • Log mobile activity and track suspicious circumstances

While DLP may not have the comprehensive architecture for mobile quite yet, that doesn’t mean it’s worth ignoring the risk. There are plenty of DLP solutions out there that can provide your organization with the focuses above and find a happy medium between complying with privacy guidelines and protecting your organization’s data.

5 Common Misconceptions About Data Loss Prevention Debunked

In an age where sensitive information lives in clouds and on endpoints, instead of behind lock and key, Data Loss Prevention has become big business. That infamous saying ‘at the click of a button’ now has to be a carefully monitored click to ensure that critical information isn’t shared with the outside world, either maliciously or by sheer human error. DLP can be a confusing area of the technology industry, not to be confused with its anti-virus counterparts, so we’re here to debunk some of the most common misconceptions people have around DLP:

The threat is from the outside
The ‘which is worse’ debate is hotly contested between inside vs outside threats, with the likes of Intel suggesting that internal actors were responsible for 43% of a company’s data loss, and half of this activity considered malicious, half accidental. Regardless of which statistical report you believe, internal threats make up a huge amount of a company’s data loss, particularly as internal threats have greater access to this data. They shouldn’t be ignored to focus on the, often perceived as more dangerous, outside threats.

Ready-to-wear solutions
Outside threats have held huge significance in our lives over the years – of any technological breach, outside threats are the ones that take up the most space in our news media, and what we absorb from the internet. Because of this, some company’s approach DLP from an ‘outside threat perspective.’ That is, they talk in the language of patches, firewalls and anti-malware. DLP needs a different approach because it is not a piece of software. The exciting thing about DLP is that it is an all-encompassing, working strategy fitted to your company, rather than an out-of-the-box, download it and hope it works software solution.

Call the IT department
Similar to our last point, there can be a misconception around who should be running a DLP strategy within a company. While DLP incorporates many technological elements to it, thinking that it should be an IT responsibility is along the same lines as treating DLP like it is simply software. To truly get the most out of a DLP strategy, it needs buy-in from all corners of the company. The threat is from the inside, therefore all those on the inside must be on-board with minimizing it, in order for it to work. How to do it? Delegate responsibility to its relevant skillset. Certainly pass over the specific technological aspects to the IT team, but also think of creative ways that leaders and communications specialists can communicate direction and action points to all staff.

Productivity grind
We have all experienced the dreaded words ‘new strategy’ at certain times in our career to be synonymous with ‘new admin’. It’s a common misconception that Data Loss Prevention will be time-consuming and add unnecessary frustration to a staff member’s already busy day. It’s crucial that we debunk this one as it is what will inevitably derail that buy-in from all staff members. DLP has been in the marketplace for a significant enough amount of time that its systems and protocols are fine-tuned and highly personalised. Professionals can look at a company and tailor a solution that’s convenient and efficient in requiring authorization only where it is needed. The key to this is, of course, how DLP strategy is implemented at the start. If policies clearly outline the levels of authorization, this clears up any risk of blanket rules applying across companies and slowing things down.

Too big to handle
For many small companies, DLP can seem overwhelming and the question is often raised as to whether it is really necessary for a small business to implement. The risk of data loss applies to all companies, big or small, so the question should be framed more around how sensitive the information is and how catastrophic it would be, should it be leaked. If the risk is high enough for either, then DLP shouldn’t be considered a solution that is too large for a small company. Because DLP is a series of policies and protocols, as well as the technological aspect, it can be applied incrementally. What is the area of a company that is most at risk? Set up DLP procedures around that data only and move on to the next important set of documents when you can.

While none of us want to believe that the employees who work for us, or alongside us, are capable of maliciously leaking sensitive data, the reality is that they are, as well as leaking it by accidental means. The Data Loss Protection marketplace looks to combat this with an holistic approach that involves more than just software and IT teams – it’s a company-wide program that, whose ownership firmly lies in the hands of the people who use it, not the technology itself.

6 Steps to Manage Data Loss Prevention When It’s Already Happened

Detecting and preventing the leakage of data outside of an organisation is the true objective of Data Loss Protection (DLP). Whether the data is lost by an internal source maliciously, or whether it was by accident, DLP is seriously big business in mitigating the risk of sensitive information leaking out. The nature of DLP, it’s a process or strategy more than just a piece of software, means that if there are breakdowns in the process, data may still be lost. Here are a few ways to make that data loss more manageable when it does happen when you have a DLP strategy in place

If you’ve invested in safeguarding your company from data loss but it has still occurred, there has been some kind of breakdown, either in the strategy itself, or in how it’s implemented. It can seem overwhelming after you’ve invested a great deal of money under the assumption that DLP would work, so try employing these tips to get back on track:

1. Investigate and identify

If you can figure out how the leak happened and at what stage of the process then you can use the following steps to immediately rectify that part of the DLP chain. If not, read on.

2. Get back to basics

Where does your data reside and where is it going? Has every possible option been considered? Don’t just concentrate on cloud and endpoint based options, also consider how your data can physically be transported out of your company – through photocopies, USBs, lost devices.

3. Work with your provider

Work with your DLP solution provider to come up with solutions for these options.

4. Consider the people

A successful DLP strategy is one that involves people from all contributing parts of the company. Does part of the process need to be communicated in a creative way? Use a communications specialist. Get your management team on board to lead by example. Is it a process that is convenient and workable for all users, do they understand the guidelines? Ask for feedback and adjust.

5. Be at one with technology

Work with your provider to assess the technology you’re using, such as encryption enabling between third parties. Be sure to use the feedback from step four. For instance, are employees emailing documents to their personal email because remote access tools aren’t flexible enough for the way your business works?

6. Go forth and multiply

Be prepared to make multiple changes to your DLP strategy. It has to mold to your organization and, more importantly, the people in your organisation who don’t necessarily operate in the same way as your DLP technology does.

A loss in data having implemented a DLP strategy can be frustrating and time-consuming but it can be rectified and managed easily by implementing the above steps. It’s good to remember, also, that you should be relooking at these steps from time to time. As your business changes and grows, so too will your strategy.