
How to prevent data loss on your network

CSO Online | Feb 19, 2020

Use these tools and techniques to protect important data from being exfiltrated from your Windows network.

Copyright © 2020 IDG Communications, Inc.

This is Susan Bradley for CSO Online. Today, I'm going to talk about attacks on your data. And I'm not necessarily going to talk about attacks from outside. I'm going to talk about attackers from your inside as well.
Data can leave your firm in many, many ways. Before the Internet, files had to be transferred to storage devices, or hard drives had to be taken off the premises. Now one can move massive amounts of files through any number of cloud services that can be used to migrate data. The key is to put in place technology to track or block the movement of data, or to put alerts in place that get triggered when files are moved.
First and foremost, internal data loss is often a human resource problem. If your employees are not happy in their work environment, they will justify stealing from the organization. So make sure that the culture in the organization is sound. Make sure your employees understand what data should not be shared or exposed, through a signed employee manual that instructs the employees. And also make sure that data inside your organization is properly identified and stratified. Remember, Edward Snowden was able to move sensitive information because he had access to it. So plain old NTFS file and folder permissions should be set up to allow only those users that actually need access to the information.
Then on sensitive folders, make sure you turn on auditing. Go to the Auditing tab, click on Add, and add the persons that you want to track. You want to select a principal, someone in the organization, and add the necessary auditing techniques. Auditing can be added on specific folders or through Group Policy throughout the organization.
For those of you with on-premises file servers, remember that the File Server Resource Manager tool can be used to identify and move files that contain sensitive information. You can even use or him to encrypt sensitive information. I have linked to several how-tos in the article, but if you go into FSRM, you can create a classification and identify the scope.
We can start a rule that looks for credit cards.
And add a specific type. Where it's going to look.
And then go into classification and choose credit card numbers and configure the pattern to look for. In the case of credit cards, it's a very specific four digit number sequence. So you take that regular expression and you place it inside your classification. You build the rules so you identify the sensitive information inside your organization. You can also consider installing employee monitoring software that can monitor use and actions.
And remember, starting with Exchange 2013 and later, you can set up data loss prevention policies to prevent data from leaving the organization. In Exchange 2013 and later, they're basically transport rules that are used to set and limit the amount of information contained in emails. In Office 365, there's several different ways you can protect information. There's Office 365 Advanced Compliance. There's Information Rights Management that is available for Office 365.
And then there's Azure Information Protection, which is available for two dollars per user U.S. That can be set up to automatically detect when sensitive data is in a document and said e-mail and restrictions which will automatically be set based on policy settings. For Azure Information Protection, a client is installed on the workstation and it helps to identify to the user the sensitivity of the information. You, as the administrator, will set up the labels on the data. In the label process, you get to set up the protection, the labels, the color, and basically let the end users know how sensitive the information is. You can even set up offline access and you can restrict it, so there is no offline access, or you can allow people to have offline access for so many days. Bottom line, it's very configurable and you want to take time to understand it before rolling it out.
And of course, don't forget that there are physical ways that people can remove data as well. USB flash drives, for example, can be used to take information off the network very quickly. So you'll want to look at Group Policy to block flash drives. And of course, the running joke goes, you can always use super glue to glue those USB slots closed. Now I have just scratched the surface as to the possibilities and ways that you can block information from leaving your office.
So think about it. You'll need to plan for it. Think about the risks to your organization and balance the risk of access with the need to have that information. As always, don't forget to sign up for tech talk from IDG, the YouTube channel that has the tech news of the day. Until next time. This is Susan Bradley for CSO Online.
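
The classification step described in the transcript (a regular expression that flags files containing credit card numbers) is sketched below in Python as an added example; it is not from the video and is not FSRM's own rule. The file names and contents are constructed, the pattern assumes 16-digit numbers written as four groups of four digits, and the Luhn checksum goes beyond the regex-only rule described, to cut false positives.

```python
import re

# Assumption: 16 digits in four groups of four, optionally separated by a
# space or hyphen, and not embedded in a longer run of digits.
CARD_PATTERN = re.compile(r"(?<!\d)\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return masked card numbers that match the pattern and pass Luhn."""
    hits = []
    for match in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            # Mask the middle digits so the report itself holds no card data.
            hits.append(digits[:6] + "*" * 6 + digits[-4:])
    return hits


def classify(files):
    """Map each file name with at least one hit to its masked findings."""
    report = {}
    for name, text in files.items():
        hits = find_card_numbers(text)
        if hits:
            report[name] = hits
    return report


# Constructed sample content; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_FILES = {
    "invoice.txt": "Customer paid with card 4111 1111 1111 1111 on 2020-02-19.",
    "notes.txt": "Ticket 1234-5678-9012-3456, order 20200219000012345678 shipped.",
}

if __name__ == "__main__":
    for name, hits in classify(SAMPLE_FILES).items():
        print(name, "-> Sensitive:", hits)
```

The ticket number in `notes.txt` matches the pattern but fails the checksum, and the 20-digit order number never matches, so only `invoice.txt` is flagged.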