Most organizations have security controls in place to protect sensitive data from outside threats. Preventing data leakage from inside the organization is another matter.
For its 2019 Global Data Risk Report, Varonis Data Lab analyzed 54 billion files across 785 companies in more than 30 industries. The researchers found that 1.2 million folders — 22 percent of those analyzed — were accessible to every employee. More than half (53 percent) of companies had at least 1,000 sensitive files open to all employees.
The risk of uncontrolled access is real. In a 2019 study by Sapio Research, 63 percent of survey respondents admitted to bringing data from past employers to their new jobs. Additionally, 43 percent of business decision-makers use personal email, 37 percent use WhatsApp and 31 percent use social media to send files and collaborate with colleagues.
Obviously, this research was performed before the COVID-19 pandemic made remote work the norm. With employees working from home, the risk of uncontrolled access to sensitive information is much higher.
Finding Sensitive Data
Data loss prevention (DLP) tools can help reduce the risk of data loss or exposure by discovering, monitoring and managing sensitive data across the enterprise. DLP platforms also aid in compliance with government and industry regulations by ensuring that all users adhere to established policies regarding data protection.
In most organizations, sensitive information is shared among several employees and spread across multiple vulnerable locations, with no visibility into where it resides. This lack of visibility is a contributing factor in many data loss incidents. As a result, the first step in preventing data loss is to identify the sensitive data that needs protection, including intellectual property such as design documents, corporate secrets such as financial reports and personal data such as payment card information.
DLP solutions include discovery components that identify sensitive data in file servers, databases, email repositories and cloud-based platforms, and on endpoints and removable storage. Both structured and unstructured data are classified using policies that define various types of content. Best-in-class DLP solutions also use behavior analytics to determine which users have access to the data.
Controlling Data Transmission
Once sensitive data is identified, the DLP solution serves as a centralized platform for setting, managing and enforcing policies governing the protection of that data. Discovery and policy management functions work together to automatically inspect communications and protect data as it travels across the network and beyond.
Administrators can set policies that govern how various types of content are handled. Depending upon the nature of the sensitive information, the DLP solution could pop up a warning, require that the data be encrypted, or prohibit the data from being transmitted via email, instant messaging or social networking sites. DLP solutions can also prevent unauthorized users from downloading or copying data onto an endpoint.
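The sketch below is an added example, not code from any DLP product or from the original article. It shows how content classification and per-channel policy fit together: candidate payment card numbers are confirmed with the Luhn checksum to cut false positives, and the strictest matching action (warn, encrypt or block) is applied. The labels, the "confidential" keyword rule, the channel names and the policy table are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical keyword rule standing in for a "corporate secret" content policy.
SECRET_RE = re.compile(r"\bconfidential\b", re.IGNORECASE)

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid card numbers found in text, separators removed."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def classify(text: str) -> set[str]:
    """Assign content labels to a message or file body."""
    labels = set()
    if find_card_numbers(text):
        labels.add("payment_card")
    if SECRET_RE.search(text):
        labels.add("corporate_secret")
    return labels

# Constructed policy table: (label, channel) -> action. Unlisted pairs are allowed.
POLICY = {
    ("payment_card", "email"): "block",
    ("payment_card", "instant_message"): "block",
    ("payment_card", "social_media"): "block",
    ("corporate_secret", "email"): "encrypt",
    ("corporate_secret", "instant_message"): "warn",
    ("corporate_secret", "social_media"): "block",
}
SEVERITY = ["allow", "warn", "encrypt", "block"]   # least to most restrictive

def decide(text: str, channel: str) -> str:
    """Return the strictest action required for sending text over channel."""
    actions = [POLICY.get((label, channel), "allow") for label in classify(text)]
    return max(actions, key=SEVERITY.index, default="allow")
```

A 16-digit order number that fails the Luhn check is allowed through, which is the kind of false positive a plain digit-pattern rule would otherwise flag.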
Notification mechanisms alert organizations to security lapses so that sensitive data may be transferred to a more secure location. Reporting and analytics tools aid in regulatory compliance and in targeting employee training and awareness programs.
In today’s work-from-home environment, it’s more difficult than ever for organizations to control the movement of sensitive information within and outside the enterprise. DLP solutions can help by setting and enforcing policies regarding the transmission and use of various types of data. Contact Technologent to discuss how you can incorporate DLP into your cybersecurity and compliance strategy.