What is data loss prevention (DLP)?
Data loss prevention (DLP) is a strategy used by businesses to keep their data safe. Different DLP tools and strategies can be used to detect and flag or block any activity or interaction that could result in data being lost, stolen or exfiltrated from your organization. Data loss prevention plays a critical role in protecting confidential and sensitive information from cybercriminals, and ensuring compliance with data protection regulations and industry standards.
How could data loss occur?
There are many different threats to your company’s data, and criminals are constantly finding new and more sophisticated ways to access the growing volumes of sensitive data held by all types of organizations. In addition to threats from cybercriminals or ‘malicious actors’, there are risks from inadvertent data sharing and from malicious insiders within your company who may want to steal or share confidential data for personal gain.
These are some of the most significant threats that can result in data loss:
- Phishing: phishing is the most common online crime. It is a cyberattack in which the attacker tricks the targeted individual into disclosing personal information, revealing login credentials, or transferring money. Around 96% of phishing attacks take place via email.
- Spear phishing: this is a phishing attack targeting a specific individual. Spear phishing attacks are more effective than “bulk” phishing attacks and can target high-value individuals (whaling) or use advanced impersonation techniques (CEO fraud).
- Ransomware: this involves a malicious actor encrypting company data and forcing the company to pay a ransom to unlock it. Cybercriminals use various methods to carry out ransomware attacks, including malicious email attachments or links, and exploit kits.
- Insider risks: malicious employees or those with a grudge can use email to exfiltrate company data. Verizon research shows how employees can misuse their company account privileges for malicious purposes, such as stealing or providing unauthorized access to company data. This problem is most prevalent in the healthcare and manufacturing industries.
- Accidental data loss: human error is a common cause of data loss, which is often overlooked. Misdirected emails, where a person sends an email to the wrong recipient, are the most common cause of data breaches, according to the UK’s data protection regulator. Data from the Tessian platform bears this out, showing that in organizations with 1,000 or more employees, people send an average of 800 misdirected emails every year. These can result in data loss, either through a sender accidentally clicking “reply all”, attaching the wrong file, or simply entering the wrong email address.
To prevent data loss, organizations can implement data loss prevention (DLP) software across their systems. DLP software works by monitoring the various data entry and exit points throughout your organization to identify data movements. A properly configured DLP solution detects when sensitive or important data is about to leave your company’s possession, alerts the user and ultimately prevents data loss.
The entry and exit points for data in your organization include computers, mobile devices, email clients, servers and mail gateways. Different types of data loss prevention solution are required to safeguard data in these environments. Your DLP solution has three main jobs to do:
- Monitor and analyze data being stored, used or shared by your organization.
- Detect suspicious activity or anomalous network traffic.
- Block or flag suspicious activity, to prevent data loss.
DLP software uses technologies such as antivirus software, artificial intelligence, and machine learning to detect suspicious activities and prevent sensitive data being leaked outside your organization. The best DLP software solutions compare data usage against your company’s policies and procedures to detect suspicious activity. It is therefore important that your company has well-defined policies that define how you label, share and protect data from exposure to unauthorized users.
What are the different types of DLP software?
Data loss prevention software can monitor and safeguard data in three states:
- Data in motion (or “in transit”): data that is being sent or received by your network.
- Data in use: data that a user is currently interacting with.
- Data at rest: data stored in a file or database that is not moving or in use.
There are three main types of DLP software, designed to protect data in these different states.
Network data loss prevention
This software monitors network traffic passing through your company’s entry and exit points, to protect data in motion. Network DLP scans all data passing through your company’s network. If it’s working properly, the software will detect sensitive data exiting your network and flag or block it, while allowing other data to leave the network unimpeded. Your network administrators can customize network DLP software to block certain types of data from leaving the network by default, and can also whitelist specific file types or URLs.
Endpoint data loss prevention
Endpoint DLP software monitors data on devices and workstations, such as computers and mobile devices, to protect data that is currently being used. The software monitors each device and detects a range of potentially malicious actions, such as printing a document, creating or renaming a file, or copying data to removable media (e.g. a USB drive). Many of these actions will be completely harmless, but they could also be an attempt to exfiltrate confidential data. Effective endpoint DLP software will be able to distinguish between suspicious and non-suspicious activity.
Email data loss prevention
As every CISO knows, email is the primary attack vector for cybercriminals. Email represents a potential route directly through your company’s defenses for anyone wishing to deliver a malicious payload. It’s also a way for insiders to send data out of your company’s network – either deliberately or by accident.
Email data loss prevention software is therefore an essential tool to protect against some of the most common and serious causes of data loss, including email-based cyber attacks such as phishing, malicious exfiltration of data by employees, and accidental data loss, perhaps caused by an employee sending an email to the wrong person or attaching the wrong file.
What are the benefits of data loss prevention software?
Preventing data loss from your organization has significant benefits, including reducing the risk of financial losses and reputational damage, and improving your company’s compliance with data protection and industry regulations.
The benefits of implementing an effective data loss prevention solution fall into two broad categories:
- Protecting the personal information of your customers and employees. Your organization is responsible for all the personal information it holds, manages and controls. Cybersecurity attacks and employee error can put that data at risk. As we have seen, DLP software can prevent those losses from happening.
- Protecting your company’s non-personal data, including intellectual property, client lists, financial data, and trade secrets. Effective data loss prevention software can thwart attempts to steal all these types of data, as well as preventing accidental loss.
Ensuring compliance with laws and regulations is another significant benefit of implementing data loss prevention software. It is a clear and simple way to demonstrate your organization’s compliance with the following:
- General Data Protection Regulation (GDPR): Any company doing business in the EU, or working with EU clients or customers, must comply with GDPR. This regulation requires all organizations to implement security measures to protect the personal data in their control.
- California Consumer Privacy Act (CCPA): The CCPA is one example of the many state privacy laws emerging across the US. The law requires businesses to implement reasonable security measures to guard against the loss or exfiltration of personal information.
- Sector-specific regulations: Tightly regulated sectors are subject to privacy and security standards, such as the Health Insurance Portability and Accountability Act (HIPAA), which covers healthcare providers and their business associates, and the Gramm-Leach-Bliley Act (GLBA), which covers financial institutions.
- Cybersecurity frameworks: Compliance with cybersecurity frameworks, such as the NIST Framework, CIS Controls, or ISO 27000 Series, is an important way to demonstrate high standards of data security in your organization. Implementing a DLP solution is one step towards certification with one of these frameworks.
How effective are DLP solutions?
The most effective DLP software works invisibly in the background, enabling employees to work without interruption, but stepping in whenever necessary to prevent data loss. The best DLP software is also easy for IT security teams to manage.
Unfortunately, some DLP solutions have a number of legacy features that either fail to prevent data loss effectively, create too much noise for security teams, or are too cumbersome to enable employees to work unimpeded. Let’s take a look at some DLP methods and weigh up the pros and cons of each.
IT administrators can block certain domains associated with malicious activity, for example, “freemail” domains such as gmail.com or yahoo.com. However, blacklisting entire domains, particularly popular (if problematic) ones, is not ideal. There may be good reasons for communicating with someone using a freemail address – for example, if they are a customer, contractor or a potential client.
Tagging sensitive data
Some DLP software allows users to tag certain types of sensitive data. For example, you may wish to block activity involving any file containing a 16-digit number (which might be a credit card number). But this rigid approach doesn’t account for the dynamic nature of sensitive data. In certain contexts, a 16-digit number might not be associated with a credit card. Or an employee may be using credit card data for legitimate purposes.
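The limits of the 16-digit rule described above can be seen in a short sketch. This is an added example, not code from the original article or from any DLP product; the function names and sample messages are constructed for illustration. It compares a bare 16-digit pattern with the same pattern plus a Luhn checksum, and shows that the checksum removes one false positive but still cannot tell legitimate use from a leak.

```python
import re

# Sixteen digits, optionally grouped with single spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def tag_messages(messages):
    """Classify each message as 'clean', 'pattern-only' or 'luhn-match'."""
    results = {}
    for msg_id, body in messages.items():
        hits = [re.sub(r"[ -]", "", m.group()) for m in CANDIDATE.finditer(body)]
        if not hits:
            results[msg_id] = "clean"
        elif any(luhn_valid(h) for h in hits):
            results[msg_id] = "luhn-match"
        else:
            # Sixteen digits that fail the checksum: a bare pattern rule
            # would still block this message.
            results[msg_id] = "pattern-only"
    return results

# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = {
    "invoice": "Your shipment tracking ID is 1234567890123456.",
    "payment": "Please charge card 4111 1111 1111 1111 for the renewal.",
    "support": "Docs often show 4111-1111-1111-1111 as a test card number.",
    "meeting": "Let's meet on Thursday at 10:00.",
}

if __name__ == "__main__":
    for msg_id, verdict in tag_messages(SAMPLES).items():
        print(f"{msg_id:8} {verdict}")
```

The "support" message still matches even though it only quotes a test number, which is the context problem the paragraph above describes.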
Rules-based DLP uses “if-then” statements to block certain types of activity, such as “If an employee uploads a file of 10MB or larger, then block the upload and alert IT.” The problem here is that, like the other “data-centric” solutions identified above, rules-based DLP solutions often block legitimate activity and allow malicious activity to occur unchallenged.
Introducing machine learning into DLP software
Overcoming the limitations of these legacy features requires a more intelligent approach to risk assessment. This is where artificial intelligence and machine learning can deliver real benefits for end users, IT security teams and organizations as a whole.
Tessian Cloud Email Security uses machine learning technology to ‘learn’ how people, teams, and customers communicate in reality, and ‘understand’ the context behind every interaction with data. This advanced capability enables the system to intelligently prevent advanced email threats and protect against data loss.
By analyzing the evolving patterns of human interactions, machine learning DLP constantly reclassifies email addresses according to the relationship between a business and customers, suppliers, and other third parties. It enables organizations to strengthen data security and build a smarter security culture across the entire enterprise – without interrupting the day-to-day work of employees.