A recent article in the New York Times, “Traveling Light in the Age of Digital Thievery“, shed new light on the problem of data theft. Because employees are routinely logging into corporate networks to access data and are carting proprietary data around on laptops, iPads and other mobile devices, it has become easier to steal valuable business data.
We will be running a series of blog posts on data loss prevention during the next few weeks to help educate small and mid-size businesses on how best to protect their important data from hackers and other thieves (as well as data lost “accidentally”). This week, we focus on tips for implementing a successful data loss prevention (DLP) policy.
An effective data loss prevention strategy involves more than just installing anti-virus and data protection software and calling it good. Data protection requires a multi-level strategy consisting of content monitoring, data encryption and policy compliance. To maximize data protection, user acceptance is imperative. So how to you get employees to buy into your company’s DLP policy?
Develop a written policy
Provide clear documentation explaining the parameters of the DLP policy to help users understand the goals of the DLP solution. Focus on the types of data you are trying to protect and ensure employees that the policy isn’t intended to spy on them.
User education is as important component of a successful DLP policy as is encryption and device control. Educated users are less likely to cause breaches. The more specific advice you can give users on how to prevent data leaks, the more holes you are able to plug.
Avoid being accusatory when informing a user about breaches in the DLP policy. Data leaks can be accidental, especially if the user isn’t well informed on the policy. Tell the user that it looks like he might be in breach of the policy and offer to provide more clear direction on staying within the parameters of the DLP policy.
Prevent accidental data loss
Accidents happen. Laptops get stolen, sometime they get lost. Protect against accidental data loss with security solutions such as encryption that renders data unreadable without a password and laptop tracing to help track lost or stolen devices.
Regularly monitor and report on data usage and access to demonstrate compliance with both internal and external regulations.
ACE IT Solutions can review your business’ security and DLP policy and provide guidance on how best to protect your laptops, iPads and mobile devices as part of a complete data loss prevention solution.
Download our whitepaper on Data Loss Prevention (DLP) & Internal Threat Protection for more information.