Knights in Cyber Armor: Your Data Loss Prevention Strategy

When it comes to data loss prevention, many organizations take a “castle” approach: You build a castle, surround it with a moat full of hungry alligators and hope that it’s enough to deter the ruffians.

But, what we’ve found in the cybersecurity space is this approach is outdated and inadequate. Too many hackers have found ways to storm the castle. Once they get in, there are so many vulnerabilities for them to expose. The focus, instead, needs to be on having data loss prevention (DLP) strategies.

What Data Loss Prevention Is

Before we dive deeper into this castle analogy, let’s take a step back and understand DLP. Data loss prevention is an approach to cybersecurity that combines tools and processes to protect sensitive data from hacks and breaches. That data might be governed by industry compliance like HIPAA or GDPR, or might simply be financial information your customers have entrusted you with.

Think of it this way. The bad guys break into the castle, steal your treasure chest, and then escape.  Once out in the woods, they realize that the treasure chest has a lock on it, which they can’t break, effectively rendering it useless to them.  That’s DLP.

DLP might involve encryption, two-factor authentication or monitoring, but, likely, it involves all of the above and more. It’s a key component of your overall protection strategy.

So why invest in DLP? It’s not simply to prevent attacks from the outside. If your company has a BYOD (bring your own device) policy, each computer or phone that accesses your IT systems puts it at risk. Data loss prevention can ensure that any outside device isn’t the vulnerability that causes a data breach.

Keeping the Castle Safe from the Inside

While, certainly, you want your best knights outside the castle protecting it with their lives, you want to give them a strong suit of armor, so they are best prepared to defend the castle.

But, you also need to focus on what you’re protecting. Start by manually applying protections to documents and data rather than basing protection on where it is stored, e.g. a folder).

Watch our key takeaways video

The first step is to implement information rights management (IRM) on important files. This is a form of security that protects sensitive data from being accessed or copied. You can apply tags and labels to restrict or allow access. A managed services provider like itSynergy can help you define tags that are appropriate for information inside the organization.

Here’s an example: You send sales proposals to potential clients, but you don’t want those to end up in the hands of your competitors. You could set restrictions that don’t permit the file to be copied or shared or give it an expiration date when it is no longer available.

You also need to build intelligence into the tagging process. This is an automatic process within Microsoft you can set up. Microsoft has pre-defined detectors (e.g., social security number, driver’s license number, credit card number) you can use to automatically apply labels to protect the data. 

Here’s an example of how this works: If you take a credit card number from a customer’s file and try to paste it into an email, the Send button is disabled so you can’t send the data.

We do want to share one important caveat to using these DLP strategies: If your technology isn’t updated, it may be challenging to fully benefit from the tools that are out there. If your operating system and hardware is up to date, you’ll be able to better leverage DLP tools.

How a Managed Services Provider Can Help with DLP

Setting up DLP for the first time can be overwhelming. You need the best tools to protect your unique systems. If you’re unfamiliar with your options, you might come up short trying to DIY a DLP solution. It’s a good idea to work with an MSP like itSynergy that can get you set up in a way that makes sense for your business.

Call the DLP experts at itSynergy to schedule an assessment of your current DLP strategies.

Leave a comment

Your email address will not be published. Required fields are marked *