November 2013: Are you including metadata tags on your company’s important files — tags like Private, Restricted, Classified or Super-Duper-007 Top Secret? If not, should you?
Tagging your files is a key component of Data Leak Protection (DLP), which strategically protects data by monitoring it and blocking it from being shared with unauthorized people. Us frogs say that DLP is like the security line at the airport. Yeah, it’s a pain – but it can be worth it!
Decide if your company is flying without the protection it needs by following these four steps:
Step One: Learn Up!
Dive deep into a discussion with your management team or board of directors about your data. Which data is sensitive and how sensitive is it? How easily can it be accessed? Do we know who’s accessing it? Sending it? Printing it? Do we even know where it’s all located? DLP solutions will identify your most critical data, then monitor it, track it and protect it. If your business deals with e-commerce, health services or customer financial information — or if you’re a publicly traded company or have a high profile — these conversations are especially important.
Step Two: Assess Your Risk
Put a number on the damage that can be done. Look at each of the areas where your company might be vulnerable and ask how badly you could be hurt if data in that area were lost or stolen. Need some examples of what can happen? A quick search of the Privacy Rights Clearinghouse’s data breaches page can help. Here’s what happened recently to Adobe (2.9 million accounts) and University of California San Francisco Medical Center (3,541 accounts).
Step Three: Quantify Your Risk
Get your IT department or IT specialists to do an audit and determine how much it would cost to implement an effective DLP platform. Also ask for a tiered analysis of the costs, starting with the basic protection and advancing to the whole tamale. It’s best to get your analysis and advice from experts who work specifically with your industry.
Step Four: Strike a Balance
Here’s the big question to ask yourselves: How do we use this information to protect our most important data without breaking the bank? Let’s say it turns out you could lose $1 million in a data breach and it costs $20,000 to prevent it. Is it worth it? Probably so. But if you could lose only $200,000? Probably not. You might choose cyber security insurance instead. Or maybe the best solution is to protect certain data and insure the rest.
Another option to consider is a second kind of DLP solution, the algorithm model. This model doesn’t use tags and can be a good solution if going backwards to tag every file is too expensive, or if tagging files from now on doesn’t make sense. This kind of DLP looks for patterns in files, such as strings of numbers that might be credit card numbers, and monitors and protects those files.
Whichever your best solution might be, don’t let the effort it takes prevent you from exploring your options! You want to leap ahead knowing that your IT ecosystem is as protected as it can reasonably be.