Tag Archives: data loss prevention

Retail Data Breaches – Lessons Learnt


For the past couple of months we have been talking about data breaches across different sectors, their implications and best practices that can be implemented. In this blog, we will talk about retail.

Enhanced Digital Experience Drives Need for Enhanced Data Security

While the percentage of breaches in retail is low compared to other sectors (as per Verizon, 1 in every 13 breaches is in retail), the cost of breach per record is very high. This is because a standalone breach in retail can account for thousands of accounts being compromised.

Retail is at the forefront of implementing customer-facing digital applications. As retailers create a seamless customer experience through an omni-channel strategy, the threat of data loss, whether from employee error or malicious intent or from external factors such as hackers and malware, is also increasing. Another type of breach that retailers face is Denial of Service (DoS), which can heavily harm the goodwill of the company. In this kind of breach, hackers deliberately overload the server and force the website to go down.

While regulatory requirements have been set up to ensure organizations that process sensitive personal or financial information are in compliance, the threat from newer sources and methods is always there. According to IBM, the cost of breach per record in retail is US$ 165. Retailers not only have to pay a heavy price for these breaches in terms of penalties, but they also face the imminent threat of losing their loyal customers to competitors.

Best Practices in Retail for Proactive Data Loss Prevention

Zecurion recommends the following best practices that retailers should implement to thwart data loss threats from their endpoints, servers and networks:

  • Invest and install comprehensive data loss prevention solutions, developed from the ground up, rather than piecemeal solutions. The former provide more robust security features against internal and external threats of data loss
  • Involve end-users of technology in purchase decisions. Getting their feedback on issues they face helps identify the right need and the right security solution that users are more willing to adopt
  • Educate the staff and conduct regular training sessions on data access policies. Make sure employees are aware of roles, restrictions and permissions assigned
  • Keep firewalls and anti-virus up to date. Make sure that there is no obsolete software running and all updates are current
  • Encryption should be the rule of thumb when exchanging any classified information. Two-factor authentication comes in very handy in high data volume environments
  • Secure the connection between networks and monitor endpoints regularly
  • Follow strict regulations and policies for Bring Your Own Devices (BYOD)
  • Generate awareness about POS RAM scrapers. These scrapers are used to steal data from infected POS machines. They can be easily installed remotely and the payment card data can then be reproduced within minutes, paving the way for fraudulent transactions
  • Implement policies around safe removal of POS machines so no data can be misused
  • Set up regular checkup of POS machines to ensure there are no skimming devices that have been installed to get the payment card information
  • Implement and test a robust post-attack mitigation plan in case a breach does happen

It is worth mentioning here that the National Retail Federation has been actively campaigning for “Chip and Pin” cards. Payment cards have all the sensitive data stored in a microchip, with nothing embossed on the card. A “Chip and Pin” card will require a secret number to get approved instead of a signature. The requirement of having a pin number will aid in countering a lot of breaches, especially in case of stolen cards.

The “Chip and Pin” cards are in practice in other countries but are still not available in the US. While the initial setup cost for this kind of card may be high, the security benefits offered will still outweigh the risk of a large data breach.

Best Practices in Securing Healthcare Data

Health is wealth. It is an old saying, but it carries an important underlying meaning. Consumers spend a great amount of money on wellness, prescriptions, medical examinations, lab tests, various auxiliary health procedures etc. With this, healthcare organizations have become a repository of vast amounts of sensitive data that these consumers share, making them soft targets for data breaches.

The Identity Theft Research Center (ITRC) studied the trends of data breaches and concluded that in 2015, 35.5% of the breaches occurred in the healthcare sector, and 66.7% of the total records that were exposed were from the healthcare industry. ITRC also claims that so far in 2016, 34.9% of the breaches and 34.6% of the total records compromised are from healthcare; an overwhelming 4 million records have been reported to be affected in just the first few months of 2016.

Zecurion has put together a list of best practices that healthcare organizations are recommended to follow in order to protect themselves from such incidents.

Early Detection through Proactive Monitoring

Having efficient algorithms and rules for the network helps detect early if PHI and PII are being accessed without proper authorization. Many automated tools are available today that can discover any such breach at the initial stage itself, and early detection can thwart data loss incidents.

Towards this, solutions such as Zecurion’s Zgate enable companies to monitor all forms of outbound network traffic and online communications. It also helps identify sensitive information and prevents it from leaving the network. Zgate uses hybrid content analysis – combining digital fingerprints, Bayesian methods, and heuristic detection – to filter outbound traffic and detect confidential data.
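To make the hybrid idea above concrete, the following sketch combines a document-fingerprint check with heuristic pattern detection on outbound text (the Bayesian stage is left out). It is an added example, not Zecurion's code or Zgate's actual algorithm; the function names, shingle size, threshold and sample texts are assumptions constructed for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 5            # assumed: words per fingerprint unit
FINGERPRINT_THRESHOLD = 0.3  # assumed: share of protected shingles that triggers a block

# Constructed sample of a protected document (not real data).
PROTECTED_DOC = (
    "Project Falcon pricing strategy: wholesale discount tiers are 12 percent "
    "for tier one, 18 percent for tier two and 25 percent for strategic "
    "accounts through fiscal year end."
)

def fingerprint(text, k=SHINGLE_WORDS):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    shingles = (" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 0)))
    return {hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles}

def fingerprint_overlap(outbound, protected_fp, k=SHINGLE_WORDS):
    """Fraction of the protected document's shingles present in the outbound text."""
    if not protected_fp:
        return 0.0
    return len(fingerprint(outbound, k) & protected_fp) / len(protected_fp)

def luhn_valid(digits):
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def heuristic_hits(text):
    """Return (kind, masked_value) pairs; values are masked so logs hold no raw data."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", "***-**-" + m.group()[-4:]))
    return hits

def inspect_outbound(text, protected_fps):
    """Decide allow/block for one outbound message and explain why."""
    reasons = []
    for name, fp in protected_fps.items():
        score = fingerprint_overlap(text, fp)
        if score >= FINGERPRINT_THRESHOLD:
            reasons.append(("fingerprint", name, round(score, 2)))
    reasons.extend(heuristic_hits(text))
    return {"action": "block" if reasons else "allow", "reasons": reasons}

if __name__ == "__main__":
    fps = {"falcon-pricing": fingerprint(PROTECTED_DOC)}
    # Constructed outbound messages: a partial copy, a PII leak, and a benign note.
    for msg in (
        "FYI - wholesale discount tiers are 12 percent for tier one, 18 percent "
        "for tier two and 25 percent for strategic accounts. Keep quiet.",
        "Customer card 4111 1111 1111 1111, SSN on file 123-45-6789.",
        "Lunch at noon? Order number 1234 5678 9012 3456 is ready.",
    ):
        print(inspect_outbound(msg, fps))
```

The fingerprint stage catches a reworded or partially copied document that contains no recognizable pattern, while the Luhn check keeps the pattern stage from blocking every long order number.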

Multilayer Security Authentication

Multilayer security authentication is a must. Options for fingerprint, retina test or scanning of a smart card should be added to regular password options to establish the identity of the actual user. User roles need to be identified comprehensively, and the extent of authorization should be granted accordingly.

Encryption, Encryption, Encryption

Healthcare servers have vast sources of confidential information stored. Proper encryption of stored data can prevent data loss. Zecurion’s Zserver offers an excellent solution in this context. The solution encrypts information on hard drives, disk arrays and SAN storage using innovative and sophisticated cryptographic techniques. This protects stored information whenever physical control of the media is impossible, whether moving data to the cloud, or in the case of hard drive loss.

Update Security Patches Frequently

Antivirus and firewalls should not be outdated or obsolete. The software should be current and running 24/7, 365 days a year, without failure. Still, just deploying antivirus is not enough. Securing the endpoints is equally important to prevent data loss.

Set Up Dedicated Risk Assessment Team

Management should have a formal dedicated risk assessment team to look into the various techniques, procedures, and access points through which PHI and/or PII leaves the system. The team may pose as insider threat actors and hackers, play bad cop and come up with customized solutions and risk mitigation plans to protect against breaches.

Implement Incident Response Plan

Drawing up an efficient incident response plan helps in mitigating and containing the aftermath. This is very important for the reputation of the organization. When reputation is at stake, having a robust plan that streamlines what needs to be done, when and how, saves time, money and credibility.

Cyberinsurance

Cyberinsurance is an option that healthcare organizations should consider to offset any financial liabilities that may occur as a result of data breaches.

Conclusion

Data loss prevention solutions are a must-have for healthcare organizations. They should be deployed without hindering or slowing down caregivers' access to information. While there is no fool-proof solution to any breach, it is best to go with the saying “prevention is better than cure”.

Top Breaches in Healthcare in 2015-16

Last week, we read about top breaches in the higher education sector. In this blog, we have identified for you top breaches in the healthcare sector.

  1. Anthem – February 2015 saw the largest healthcare breach of all time, with nearly 80 million records containing sensitive data affected.
  2. Premera Blue Cross – In March 2015, the Washington-based organization found that 11 million of its records were hacked and both medical and financial data were breached. An FBI investigation concluded that Chinese hackers were involved, as in the case of the Anthem breach. The organization provided two years of free credit monitoring to individuals affected by this incident.
  3. Excellus Blue Cross Blue Shield has been the third largest breach, wherein more than 10 million records were exposed.
  4. UCLA Health, based in Los Angeles, had 4.5 million records exposed in May 2015, as an unauthorized user gained access to classified information.
  5. In Indiana, Medical Informatics Engineering stated that 3.9 million records with Personal Health Information (PHI) fell into the hands of hackers in May 2015. Two years of free credit monitoring has been provided to individuals affected by this incident.
  6. In November 2015, Maine General found that data from its system had been uploaded to an external website. Though the site did not have any sensitive information, it still exposed the vulnerability of healthcare to insider and external threats.
  7. In another incident, Washington State Health Care Authority (HCA) notified that 91,000 Medicaid patient files were mishandled. In this case, an HCA employee was helping an employee of Apple Health, a free healthcare service for low-income individuals, with an Excel problem when the information was exchanged inappropriately, which is a clear violation of HIPAA regulations. Though the exposed information was not misused, both employees were relieved from their jobs and one year of free monitoring was provided.

It is worth mentioning that the Department of Health and Human Services is becoming very vigilant about HIPAA violations. The department is determined to make sure that healthcare organizations are complying with HIPAA. Organizations found in non-compliance have to pay hefty fines. Below are some examples of organizations that had to pay heavy fees as a result of non-compliance.

  1. Cancer Care Group, Indianapolis, paid $750,000 as a HIPAA settlement.
  2. Lahey paid an exorbitant $850K to DHHS.
  3. Triple-S Management Corporation, however, tops the list by defaulting and paying a fine of $3.5 million.

According to the Office of Civil Rights, there were 253 healthcare breaches in 2015, with a combined loss of over 112 million records. To reinforce the importance of implementing data loss prevention, we have put together a few statistics from Ponemon, an independent researcher, on how vulnerable healthcare is to data breaches.

  1. At least 91% of the healthcare organizations have had one breach.
  2. 39% of the healthcare organizations have faced 2 – 5 breaches.
  3. 40% of the healthcare industries have been exposed to breaches more than 5 times.
  4. Data breaches in healthcare cost nearly $6 billion annually.
  5. Most important of all, non-malicious employee error is the leading reason for the breaches.

Conclusion

In conclusion, we can see how vulnerable our healthcare industry is to data breaches. The need to have robust and agile data loss protection solutions is strong and immediate. Those that are proactive and take adequate measures are bracing themselves for an imminent risk, while others are left behind. Data loss is no longer new; it is there and it can strike anytime. Prepare and act now.

Top Breaches in Higher Education in 2015-2016

In continuation of our series on data loss in the higher education sector, this article identifies the top breaches that have taken place in institutes all around the country. These incidents are noteworthy because they raised awareness about higher education being a soft target for data breaches.

April 2015 saw one of the biggest breaches at Auburn University, where about 360,000 people had their social security numbers exposed publicly online. These people were not even registered/enrolled students of the university but were either applicants or prospective students.

In May of 2015, when the breach was discovered at Penn State University, it had already affected 18,000 records. It was found that the unauthorized access had started way back in 2012 at the College of Engineering and had gone unnoticed till 2015. The alarming issue here is that it took 3 years to detect the breach and the network had to be disabled for 3 full days, significantly affecting continuity of work.

June of 2015 saw another breach at Penn State University. This time, the College of Liberal Arts came under attack for unlawful access.

A similar breach took place at University of Connecticut in July 2015. The servers were hacked by unauthorized users from China beginning 2013. About 1,800 user credentials were exposed though it was never confirmed if any intellectual data was compromised. During the investigation, malicious hardware was found on the servers.

University of Virginia notified in August 2015 that there was a cyber attack originating from China, resulting in the University reinforcing protection of its network against future breaches. Although no PII was stolen, people quickly became aware of the inherent risk that large institutes face because of lack of adequate data loss prevention measures.

In September 2015, at least 80,000 records of students enrolled in an online course at Cal State got hacked. Sensitive information was compromised because of this. The cause was attributed to malware in third party applications offered by a vendor administering the online course. While the PII was not exposed, user IDs and passwords, college emails, gender, and race were made public.

In another incident, California Virtual Academies (CAVA) informed its registered users in December 2015 that their data storage system was exposed as a result of data breach. CAVA, within hours, was able to locate the vulnerability and contain it by securing the system. Users were still urged to check their personal accounts, change security settings online and familiarize themselves with information provided on credit and identity protection.

In January 2016, Southern New Hampshire University (SNHU) confirmed that due to a configuration error on part of a third party vendor, a database containing names, email addresses, IDs, course details, scores etc. had been exposed. About 140,000 students had been affected due to the breach. Since SNHU claimed to have 70,000 enrollments, it was understood that the records either had been duplicated or both former as well as current students had been affected. The investigation is still ongoing.

In February 2016, University of Florida reported that as many as 63,000 records with PII were exposed to hackers. The records belonged to former and current students as well as staff members. The management also notified that credit card information, other financial data and health records were not compromised.

Conclusion

The above-mentioned incidents reinforce the vulnerability of the higher education sector. Tighter regulations and comprehensive data loss prevention solutions are thus deemed as a necessity in this sector.

Data Loss Prevention: Protection Beyond the Antivirus

Installing antivirus is no longer adequate unless organizations have taken proactive actions and implemented other end-point security solutions to protect against data loss arising from internal and external threats. This traditional end-point security provision was sufficient in yesteryears when cyber-attacks were simpler and few. With the ever-changing technology and advancement in the nature of cyber-attacks, the antivirus as a security measure alone will not hold the fort for a long time.

Corporate data is mostly digital now, and sensitive data is accessed over multiple devices and networks. Telecommuting is rapidly growing and is favored in both private and governmental organizations, prompting employees to bring their own devices. Unfortunately, antivirus software is perceived to be the default security mechanism expected to protect against most IT threats. This, in turn, can be disastrous as it gives IT administrators a false sense of security, making critical data loss a harsh reality. IT administrators, therefore, need additional forms of protection such as end-to-end encryption and data loss prevention (DLP) solutions.

What should an organization do to protect its critical data? We have some recommendations for organizations to consider in order to safeguard themselves against vulnerabilities of data loss:

  • Administer multiple layers of security instead of implementing just the antivirus.
  • Keep business continuity in mind while installing the endpoint security tool.
  • Encrypt data whether it is static or in transit.
  • Constantly monitor data coming in and leaving endpoints of the network.
  • Define user roles clearly, so employees are aware of who can access what kind of information.
  • Provide regular training to the workforce about security measures that need to be followed at all times.
  • Have a robust backup and risk mitigation plan ready in case of a breach.
  • Implement device management/monitoring as an essential practice, particularly with the BYOD culture becoming a key workplace trend.
  • Install zero-day malware detection/analysis and content-aware DLP solutions.

These recommendations are the fundamentals of a strong IT security strategy. With antivirus no longer being the magic potion to deal with all threats, it is time organizations start implementing a more robust solution that encompasses various techniques aimed at data loss prevention.

Cyber Insurance – Driving Demand for Data Loss Prevention

No matter how robust and agile the system is, how efficient the organization’s policies and regulations are and how secure the network connections are, there is always a daunting risk of data loss, whether through malice, human error or system glitches. The total monetary loss after a cyber-attack encompasses both tangible and intangible elements such as loss of direct monetary gain, expenses related to specialist lawyers, IT forensics experts, investigators, various fees and penalties, digital disruption, credit monitoring, slump in goodwill etc. – all of which can be humongous.

This is enough justification for companies – large, medium or small – to get Cyber Liability Insurance Cover or CLIC. Of course, the coverage will not be the same for all but has to be customized as per the entity and therefore will have various terms and conditions and pricing. The major factors that dictate the type of CLIC are the type of data aggregated, size of the company and extent of the potential risk.

Cyber insurance companies offer add-on services with CLIC to custom build policies for organizations. Be it lawyers, forensic experts, spend on crisis management solutions, notification and restoration expenses – all become an intrinsic part of the coverage.

Cyber insurance companies that provide the best fit will typically have the following elements covered as part of their packages:

  • First party as well as third party coverage
  • Premium pricing
  • Claims payout
  • Underwriting risks
  • Ability to offer coverages (policies, terms and conditions) over a wide spectrum of cyber risks which include theft of intellectual property, data and software loss, network failure liabilities, data destruction, DoS, etc.

Similarly, underwriters at cyber insurance companies look for the following factors while setting premium rates for CLIC:

  • Check if data loss prevention (DLP) solutions are implemented. Also check for types of encryption, security for access points in the system. A comprehensive DLP solution could typically result in lower risk and hence lower premiums.
  • Understand awareness level of employees around access policies. This includes checking if regular trainings are held to keep employees updated on systems and policies in place. How well educated employees and vendors are about regulations and compliance has a significant bearing on CLIC.
  • Check what risk mitigation plan is in place in case of a data breach incident.

As in the case of any traditional insurance, if there is a rise in the number of claims and payouts, the CLIC deductible and premium increase. Or, the payout is cancelled completely when capped. As a result, organizations looking for CLIC usually demand more comprehensive data loss prevention solutions. When an underwriter sees and is convinced that the organization has taken good measures to prevent data losses, it may result in lower deductibles and premiums.

What is the state of cyber insurance market in the US?

According to RnRMarketResearch.com, the cyber insurance global market was at an estimated US$ 2.5 billion in terms of gross premiums in 2014. In the US specifically, 46 states have made it a law that data breach incidents be notified publicly, resulting in exponential demand for cyber insurance. Although 90% of the global cyber insurance policies are bought by US companies, only one-third of the US companies are covered. PwC predicts the market will grow to an estimated US$ 7.5 billion in annual premiums by 2020. Allianz, a German insurer, predicts the market to grow to US$ 20 billion by 2025. This will be a driving force in putting forth better policies and measures for DLP in companies.

Following are some of the key cyber insurance trends that were seen in 2015:

  • About 60% of brokers say that there has been a significant increase in the number of companies seeking cyber insurance in 2015, resulting in greater demand for DLP solutions.
  • Healthcare has seen the highest growth in cyber insurance demand due to its high vulnerability. Use of DLP could drastically reduce insurance-related costs.
  • Overall, awareness and news about data breaches accounted for more than 70% of CLIC sales.

Wrapping up, one can say that embracing cyber insurance at the correct time is imperative rather than taking the burden of monumental payoff in case of data breaches. The transfer of risk to a third party gives an edge over competitors in the long term by unlocking the potential for sustained growth. Simultaneously, reforming current policies and/or pushing for better and more effective DLP solutions is equally vital to keep cyber insurance related costs under control.

Zecurion’s Annual Review: 2015 Data Breach Statistics

*The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

As we step into 2016, let’s look at the cost of data breach in 2015 and the trends that have impacted it.

Human Error Causes 19% of Data Breaches

Though malicious or criminal attacks are the main contributing factor for data breaches, at almost 49%, negligent employees are responsible for an exorbitant 19% of the breaches, and 32% involved system glitches that include both IT and business process failures.

Average Cost of Breached Record is $217

The average cost per lost or stolen record containing sensitive data is $217 for 2015. There has been a substantial increase of $16 per record breached in comparison to year 2014 which is close to an 8% increase. The average cost of $217 consists of $74 towards direct per capita cost and the remaining $143 towards indirect per capita cost. Direct costs are the costs that the companies spend to minimize the consequences of a data breach and to assist victims. Indirect costs pertain to what the companies spend on existing internal resources to deal with the data breach.

Higher than Average Data Breach Cost for Healthcare, Pharmaceutical, Financial, Energy, Transportation, Communications and Education

Some industrial sectors such as healthcare, pharmaceutical, financial, energy, transportation, communications and education are more prone to breaches and thus have higher data breach costs. They tend to have a per capita data breach cost higher than the mean of $217. In contrast, public sector (government), hospitality and research have a per capita cost well below the overall mean value.

Average Cost per Organization is $4.7 Mn to $11.9 Mn, Depending on Number of Records Breached

The number of breached records per incident in 2015 ranged from 5,655 to 96,550 records. The average number of breached records was 28,070. As the number of lost records increases, so does the cost of data breaches. In 2015, companies that had data breaches involving fewer than 10,000 records had an average cost of data breach of $4.7 million and the ones with the loss of more than 50,000 records had a cost of data breach of $11.9 million.

Among the factors that contribute to increased lost business costs, the significant ones are loss of business, legal services, investigation & forensics, increased customer acquisition activities and diminished goodwill. In order to reduce the cost of data breaches, businesses need to make proactive decisions and make worthwhile investments in various strategies, the key ones being setting up an incident response plan, implementing data loss prevention solutions, planning for business continuity and its management, appointing a CISO with enterprise-wide responsibility and investing in employee training.

Zecurion Achieves Worldwide Silver Partner Status in the Samsung Enterprise Alliance Program

New York, September 23, 2015 — Zecurion, a leading developer of data loss prevention solutions, announced it has achieved silver partner status in the Samsung Enterprise Alliance Program (SEAP) enabling Zecurion to deliver mobile solutions aimed at preventing leaks of confidential data through Samsung Android.

The partnership with Samsung enables Zecurion to provide complete monitoring of corporate information on employees’ mobile devices efficiently and cost effectively, thereby preventing data leaks at various stages of information processing, storage, and transfer.

SEAP is an affiliate program of Samsung and supports companies in the use of Samsung products and solutions. Besides support for global marketing and distribution activities, Samsung offers technical support and expertise to its partners to enable development of differentiated mobile solutions that meet customer demands.

With the silver partner status, Zecurion now has access to the extended library of the Enterprise SDK from Samsung.

Zecurion Mobile DLP finds copies of confidential documents on users’ mobile devices and blocks their transfer via unsecured open networks. All traffic is channeled through a protected corporate network. In the event of theft or loss, the device can be blocked by a security officer.

MHA NG (Mobile Hybrid Analysis Next Generation) is used to detect confidential documents on Android devices. A new version of MHA uses six different technologies for identifying confidential data, including MorphoLogic, a search by dictionary, templates and frequent expressions. The plan for the future is to add support for DocuPrints and SmartID. MHA NG is already correctly identifying over 100 different file types as well as encrypted documents.

For more information about Zecurion DLP Mobile, please call +1 866 581-0999.

About Samsung Enterprise Alliance Program (SEAP)

Samsung Enterprise Alliance Program (SEAP) is designed to provide differentiated benefits to partners according to their various needs. The goal of SEAP is to enable partners in creating new revenue opportunities in the enterprise mobile business with Samsung products and solutions. Additional information is available at http://www.samsungmobileb2b.com.

Zecurion Releases Zlock Version for Mac OS

New York, August 26, 2015 — Zecurion, a leading developer of data loss prevention solutions, announced the release of Zecurion Zlock Mac, its groundbreaking new version of endpoint DLP developed specifically for Mac OS.

In June 2015, the company successfully completed the beta testing of Zlock Mac, in which more than 100 IT and information security professionals had participated. The beta test done by the developer community enabled Zecurion to incorporate useful feedback, eliminate errors, and improve overall functionality of the solution.

Zlock Mac controls the use of USB devices and blocks leakage of sensitive data from computers that are running Mac OS X Mountain Lion, Mavericks and Yosemite.

Just like the Windows version, Zecurion Zlock for Mac allows the security officer to create flexible policies for different types of USB devices, different groups and individual users. Besides giving the option to either allow or restrict the use of the USB device, it also allows partial access in read-only mode. Policy management for both Mac and Windows-based platforms is handled through a single management console, which greatly simplifies the work of security administrators.

“Many of our customers use Apple platform, which leads to an increased risk of losing sensitive corporate information from Mac. Taking into account the wishes of customers and the increasing demand for data protection from leaks for Mac OS, we have developed a special version of Zlock, which we are sure will be a great success with customers,” says Roman Vasilyev, Zecurion CTO. He added, “we want to particularly thank our customers and partners who participated in the beta testing of the solution. Through joint efforts, we not only eliminated errors, but also significantly improved the solution.”

For more information about Zecurion Zlock Mac, please call +1 866 581-0999.

Are Your Systems Overloaded with Piecemeal Solutions?

Sensitive information, whether personal information pertaining to clients, customers and employees or business-related information including business plans, strategy documents and financial records, is of utmost importance for organizations in today’s knowledge-driven world. If any of this information gets lost, stolen or tampered with, it not only burns a hole in the organization’s pockets for figuring out a viable and corrective measure but also brings down the reputation of the organization and people associated with it.

There are several ways in which companies have been dealing with this kind of problem ever since business relationships started developing. The firewall is one of the widely used programs for preventing any kind of intrusion or unauthorized transmission. It can be a very good line of defense for an organization to safeguard its assets, but with rapidly changing technology and ever-growing data, organizations ought to have a more flexible, productive, secure and scalable solution.

In recent years, IT managers have implemented various security solutions beyond the firewall to control the access of external devices and data exchange between employees and other stakeholders outside the company. The solutions primarily focus on any one of the components such as encryption, monitoring, scheduling and filtering of data while transmitting data over the network.

These piecemeal solutions might have helped organizations in winning small battles; however, companies do not prepare themselves for the war in terms of data breach.

A survey by Osterman Research suggests that 30-60 percent of security solutions purchased become shelfware and are never utilized by the company due to various reasons.

In a race to solve immediate security issues, organizations have always focused on data access policies and not on data breach policies which are much bigger and larger than just restricting data access.

The most common solutions for data breach control are data management solutions in the market allowing IT managers to have access based on data classification, rules for data monitoring, data filtering based on sensitive keywords and dynamic data access and approvals.

DLP (Data Loss Prevention) is the common tool for data management solutions which integrates all these different components (Data Access and Rights Management, Web Filtering, eForensics, Endpoint Control, Network Diagnostics, Laptop Theft, Policy Enforcements, etc.) into one solution which can be easily managed by IT staff.

It is easy to define and enforce policies in DLP which removes the need for defining it in multiple tools and acts as an effective tool for IT managers. The data can be easily discovered, managed and protected at the same time. DLP solutions are quite flexible in defining rules for various users and also enable compliance with regulations such as HIPAA.

DLP is also equipped with the capability to protect data stored in cloud or mobile devices and helps in preventing data loss beyond the perimeter of the organization’s network. Most of the organizations focus on what the network is receiving to avoid any virus attack but ignore what’s going out and that is where the sensitive data becomes vulnerable.

In the short run, opting for piecemeal solutions may be cheaper and viable, but this is a myopic way of looking at such an important issue. It may result in a financial burden or can even lead to brand tarnishing. Instead, one should look at a broader perspective. A progressive way will be to implement a DLP solution, which will definitely fetch better results as it does not require installing and managing different components at various locations. This will be advantageous and will prevent any intrusion or data loss, thereby saving the organization from any kind of financial burden or loss of reputation.