Skip Links

Data Leak Prevention On The Cheap

Start with employee training and basic data safety

Small Business Tech By James E. Gaskin, Network World
July 22, 2009 09:42 AM ET
James Gaskin

Network World - You may wonder if DLP is the updated version of RUN-DMC, but what it really stands for is Data Loss Prevention. Some call it “Data Leak Prevention” to emphasize that important company data often “leaks” away through no malicious action. But as compliance regulations like HIPAA, PCI-DSS, and FRCP multiply like acronym rabbits, more and more companies must take steps to stop data from leaving their business, whether it's lost, leaked or stolen.

Huge companies struggle to deal with the size of this problem, and they have full IT staffs and money for security issues like this. Yet the DLP market remains small because of the complexity of the issue and the sizable cost and time required to keep files from leaving any exit point. Is there hope for smaller businesses that don't have full IT staffs and full security budgets? Of course. There's always hope, even when it's hidden under hard work.

The DLP group at Symantec hosted a training session for me and a few others not long ago in San Francisco. They understand this is a hard issue to get a grip on, and they've helpfully reduced the core issues to three bullet points. First, where is your confidential data? Second, how is it being used? Finally, how best to prevent its loss? Succinctly, the process is Discover, Monitor, and Protect.

Three little words, Discover, Monitor, and Protect, don't sound too bad, do they? Yet few companies, even the huge ones, really know where all their confidential data files are hidden in the various storage lockers on individual computers and file servers.

Once you inventory your sensitive data, such as customer Social Security Numbers or credit card information, you have to watch who uses that data and how they use it. Finally, you have to prevent intentional and accidental loss of those files. That means monitoring every USB port on every computer with access to sensitive files, and finding a way to block e-mails with critical files attached, or even information copied inside the body of the message.

Like all security functions, every file and every user must be monitored. That's a big job, and requires hardware support on the network, and software active on every personal computer. You shouldn't be surprised that systems like this come with six figure price tags, although a new company claims to cut that by more than half.

Before we discuss the serious investment in money and time DLP requires of large companies, let’s look at how you can protect your smaller company on the cheap. Here are four points to address.

First, explain to your workers why DLP matters and the penalties for mistakes. If workers don't know which files need protection, they can't protect them. Explain the penalties when customer information escapes. News stories help you with this by recounting yet another data loss just about weekly. Clip and save a couple of articles that outline the data breach laws, penalties and costs of customer notification. Even small companies fall under these guidelines, so emphasize how each employee may have to call customers and apologize for sending their credit card information to the Hackers 'R Us headquarters by accident.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News