Last week’s headlines revealed that the NSA PRISM program details were exfiltrated using a USB thumb drive. The news is filled with cautionary tales of data theft and cyber espionage. With advanced cyberattacks, data theft by employees through portable storage devices and stories of accidental data loss, we have had increasing insight into the frightening ramifications of data theft.
Here are 10 quick points to consider when contemplating how to keep your sensitive data secure and protected against data theft:
- Endpoint Protection - Intellectual property (IP) and confidential data are often "in-use" on endpoints, putting them out of reach of the protection offered by simple pattern-matching data loss prevention (DLP) controls in firewalls and gateways. DLP endpoints can protect on and off-network devices to control what is copied, printed or transferred (including data moving to portable media drives).
- Portable Encryption - When data must be moved off the network and off the endpoint, you can enforce encryption for tighter control of that information.
- Enterprise DLP Controls - The differences that separate simple pattern-matching DLP solutions from fuller, enterprise-grade protection include: data registration (fingerprinting), advanced machine learning of data, data categorization as it is created, and defined policies for all content that matters to your organization's success.
- Prevention Policies Protect Property - This alliteration reminds us that often the key to success with DLP controls is getting to the prevention phase of a deployment. Often projects stall in data discovery and monitoring phases. To avoid this, start with a small set of confidential data and work the project all the way through to prevention. You could secure your most sensitive data within 6-8 weeks!
- Remediation and Auditing - Moving to DLP prevention policies can cause an unfounded fear of stopping data-in-motion and business processes. The key to solving this is to implement DLP solutions that allow end users to provide explanations for data use and self-remediate. This keeps data flowing while allowing visibility to administrators.
- DLP as a Defense - Security gateways that use DLP as a defense are critical when detecting password file theft, use of criminal encryption and slow data leaks over time. Geo-location destination awareness and incident reporting through forensics can provide important data theft information for mitigation and post-incident analysis.
- Image Text Analysis - Smartphones and camera-enabled devices now make it very easy to capture data. In addition, many times the sensitive data you are looking to protect are images themselves. The top DLP solutions now provide the ability to use optical character recognition (OCR) to analyze text within images and prevent data exposure.
- Malware and Hacking - We must recognize that DLP and data protection also hinge on solid defenses against advanced threats, malware and hacking. Implementing enterprise DLP without reviewing web and email gateway defenses is a common mistake. Traditional defenses such as AV, firewalls and URL filtering continue to be less effective. Therefore, it is essential that we look for real-time defenses that are put into action at the point-of-click.
- Phishing and Education - Building on the malware and hacking point, awareness is key with end users. Run phishing tests with select audiences to educate them on how to detect phishing attempts. Email defenses should also be able to sandbox and analyze URLs at the point-of-click.
- Get Funding - This can be the hardest part: getting senior management to recognize the threat of data theft and loss to your organization. News stories and headlines often aren't enough to convince executives that it can happen to your data; believing that it can't is exactly what an attacker wants them to think. Here's something you can do to help convince executives of the urgency of the situation: Turn on any and all monitoring defenses (even if they are simpler defenses) to document ALL manner of incidents to share with your leadership team. If you would like more information on how to share information with your team, our CSO has a great post on this subject available for you.
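
To make the contrast in the Enterprise DLP Controls point concrete, here is an added example (not from the original post or from any vendor's product) that compares a simple pattern control with data registration by hashed word shingles. The registered document, outbound messages, card-number regex, shingle size and threshold are all constructed assumptions.

```python
import hashlib
import re

# Constructed sample: a confidential document registered with the DLP system.
REGISTERED_DOC = (
    "Project Falcon pricing model: the reseller discount tier moves from "
    "twelve percent to nineteen percent once annual volume passes the "
    "committed threshold agreed with the channel team in the third quarter."
)
# Constructed outbound messages.
EXCERPT = ("fyi - The reseller discount tier moves from twelve percent to nineteen "
           "percent once annual volume passes the committed threshold. Keep quiet.")
CARD = "Customer card 4111 1111 1111 1111 expires next month"
BENIGN = "Lunch menu for the third quarter offsite is attached."

# Simple pattern control (hypothetical policy): 13-16 digit card-like numbers.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def shingles(text, k=5):
    """Hash every k-word window after normalising case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(max(len(words) - k + 1, 0))
    }

def fingerprint_overlap(text, fingerprints, k=5):
    """Fraction of the outbound text's shingles found in the registered set."""
    out = shingles(text, k)
    return len(out & fingerprints) / len(out) if out else 0.0

def verdict(text, fingerprints, threshold=0.3):
    """Report what each control decides for one outbound message."""
    score = fingerprint_overlap(text, fingerprints)
    return {
        "pattern": bool(CARD_PATTERN.search(text)),   # regex-only DLP
        "fingerprint": score >= threshold,            # registered-data DLP
        "score": round(score, 2),
    }

FINGERPRINTS = shingles(REGISTERED_DOC)  # only hashes are stored, not the text

if __name__ == "__main__":
    for name, msg in (("excerpt", EXCERPT), ("card", CARD), ("benign", BENIGN)):
        print(name, verdict(msg, FINGERPRINTS))
```

The pasted excerpt contains nothing a regex policy would recognise, so only the fingerprint control flags it; the card number is the reverse case, which is why the two controls complement each other.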