News

The critical data loss prevention practices you should consider

17/04/2020

For every business, from large organisations to smaller start-up companies, DATA LOSS PREVENTION (DLP) measures are a crucial element of security that must be continually employed.

The aim of this process is to
  1. Fully understand how data is being utilised,
  2. knowing where data is being sent or has gone to, and
  3. whether this usage conforms to compliance policies such as the General Data Protection Regulation (GDPR).
The following are some of the best practices for DLP that can help you to protect sensitive company information from both external and internal threats.

Identifying and classifying sensitive information

When setting up systems to protect your company data, it is essential to know what types of information your firm stores and uses.

Making use of data discovery as well as data classification technologies can

  • help you control user access and
  • ensure sensitive data is not stored in unsecure locations.

All sensitive information should be clearly marked with its designated classification so you can make certain it is appropriately protected.

Data classifications can always be updated as required, but controls should be used to stop users from attempting to falsify classification levels.

Only users with top-level privileges should have access to downgrade data classifications.

Control access

Access Control Lists (ACL) can show who is authorised to access resources at different levels.

The ACL can be an application or an internal element of your operating system.

ACLs can use blacklists or whitelists as a basis that might contain websites staff are prohibited or allowed to visit, or software that can or cannot be installed.

The power of data encryption
  • Any business-critical data must always be encrypted both in transit and when stored.
  • To avoid loss of vital information and to defend against attacks, hard drives on laptops and computers should also be encrypted.
Safeguarding your system
  • Any areas where sensitive data may be located, even if temporarily, should always be secured and all potential access routes accounted for.
  • Any system is only as safe as its weakest point but always consider usability when you are securing your network, as a balance between security and functionality must be maintained.
  • Ensure only programs required by employees to perform their tasks are enabled to avoid unwanted avenues for attack.
Keep on top of patches
  • Make sure all apps and operating systems are always up to date with the latest patches available for superior cybersecurity and data protection.
  • Patches implemented for critical infrastructure should be tested fully to make sure no compromises in functionality or vulnerabilities occur within the system.
Educate system users
  1. Making sure all data users in your organisation are aware of the security in place and understand its importance is paramount.
  2. Users should be educated on their role in protecting sensitive company data, from where to store it to where they send it, and how compliancy laws affect its use.

If you want help with any of the above, why not contact our professional team for advice and support?