Page 37 - Cyber Defense eMagazine forJune 2021
P. 37
● Which sensitive data you hold, where they are stored, and the order of prioritization;
● Who accesses/is responsible for that particular data set;
● The acceptable uses of that data set;
● Where it’s allowed to go, and where it’s not;
● How responsibility is assumed when a violation happens.
Once these are clear, charter a DLP program structure to ensure order, accountability, and
stakeholder buy-in.
2. Secure “prevention” technologies, not just “cures”.
As I said, most data loss prevention companies don't differentiate data loss prevention from loss
remediation. My advice: Find an effective DLP tool that allows you to:
● Gain visibility across all your cloud channels, while maintaining privacy.
● Implement powers of detection against cyber attacks and threats.
● Automate detection and quarantine of messages, attachments, and documents with
sensitive data, as well as the resolution process.
● Limitlessly scale your DLP program to accommodate the growing amount and speed of
data going through your channels.
3. Educate employees and executives alike.
Verizon reports human error accounts for nearly 25% of all breaches. Even with an automated
DLP platform, educating your stakeholders and employees on your DLP strategy ensures
maximum protection and accountability.
4. Do not "set and forget".
Regularly schedule audits of your DLP program. Conduct red team exercises to ensure that your
program is still in working condition. Continuous monitoring, evaluation, and refinement of your
DLP process are essential.
With these best practices, companies can greatly improve their DLP strategy and significantly reduce
their digital risk surface. And in these troubled times, that is a level of security that ensures a company’s
resilience.
Cyber Defense eMagazine – June 2021 Edition 37
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.