In the wake of a new wave of data protection laws spearheaded by the EU’s General Data Protection Regulation (GDPR), the safeguarding of personal information has become mandatory for most organizations. However, while Personally Identifiable Information (PII) should always be protected for both compliance and reputational reasons, there is another category of sensitive data companies need to protect: corporate information.
Corporate data covers all information relating to business methods, intellectual property, finances, management systems, research and development projects, customer lists, and trade secrets. Much of this data does not fall within the scope of data protection legislation, but its confidentiality is essential for a company to maintain its competitive advantage.
Such company information is more vulnerable to insider threats than to data breaches caused by malicious outsiders. Departing employees often attempt to take confidential information with them, in hopes of using it for the benefit of their new employer, oftentimes a competing business.
At the same time, existing and new employees may be more careless in the handling of such information than they are with personal information. For example, by transferring data via unauthorized messaging apps, file-sharing or cloud storage services, and personal email accounts, they can open corporate information up to data leaks and data theft.
Data Loss Prevention (DLP) solutions can help protect corporate data from misappropriation by former employees and the negligence of existing employees. Let’s take a closer look at how they achieve this.
Identifying and protecting sensitive corporate data
While DLP tools come with predefined profiles for personal information and data protection regulations and standards such as GDPR, HIPAA, or PCI DSS, they also allow organizations to set their own custom profiles based on what sensitive data means to them. Many DLP solutions, such as Endpoint Protector, already come with predefined profiles for certain types of sensitive company data such as intellectual property, including patents, trade secrets, and source code.
Once a company has defined what counts as sensitive business information, it can use DLP tools to scan the entire corporate network to identify where business data is being stored and how it is being used. DLP policies also specify which actions to take when such information is found: whether its movements should only be monitored and logged, or its transfer over the internet limited or blocked completely.
DLP solutions not only prevent corporate data from being transferred via insecure third-party services, but can also block employees from copy-pasting, printing, or manually inserting such data into the body of emails.
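The custom-profile and policy-action idea described in this section, sketched as an added example that is not taken from Endpoint Protector or any other product. The profile names, patterns, thresholds, channel names and the ACME-###### customer ID format are all assumptions, and the sample content is constructed.

```python
import re
from dataclasses import dataclass

# Hypothetical custom profiles; patterns and thresholds are illustrative only.
@dataclass(frozen=True)
class Profile:
    name: str
    pattern: re.Pattern
    threshold: int   # minimum number of matches before the profile counts as a hit
    action: dict     # per-channel action: "log" (monitor only) or "block"

PROFILES = [
    Profile("source_code",
            re.compile(r"^[ \t]*(?:def |class |#include\s*<|import\s+\w+)", re.M),
            3, {"usb": "block", "cloud_upload": "block", "email": "log"}),
    Profile("trade_secret_marking",
            re.compile(r"\b(?:COMPANY CONFIDENTIAL|TRADE SECRET|INTERNAL ONLY)\b", re.I),
            1, {"usb": "block", "cloud_upload": "block", "email": "block"}),
    Profile("customer_list",   # rows shaped like: name,email,ACME-123456
            re.compile(r"^[^,\n]+,[^,\n]+@[^,\n]+\.[a-z]{2,},[ \t]*ACME-\d{6}[ \t]*$",
                       re.M | re.I),
            2, {"usb": "block", "cloud_upload": "log", "email": "log"}),
]
STRICTNESS = {"allow": 0, "log": 1, "block": 2}

def classify(text):
    """Return the names of all profiles whose match count reaches the threshold."""
    return [p.name for p in PROFILES
            if sum(1 for _ in p.pattern.finditer(text)) >= p.threshold]

def decide(text, channel):
    """Apply the strictest action among matching profiles for this channel."""
    hits = classify(text)
    actions = [p.action.get(channel, "log") for p in PROFILES if p.name in hits]
    return max(actions, key=STRICTNESS.__getitem__, default="allow"), hits

# Constructed sample content, not real data.
SAMPLES = {
    "build.py": "import os\nimport sys\ndef main():\n    pass\nclass Job:\n    pass\n",
    "roadmap.txt": "Q3 plan: Company Confidential\nLaunch date TBD\n",
    "export.csv": "Ann Lee,ann@example.com,ACME-000123\nBo Diaz,bo@example.org,ACME-000456\n",
    "lunch.txt": "Friday menu: soup, salad, import duties discussion at 2pm\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for channel in ("usb", "cloud_upload", "email"):
            print(name, channel, decide(body, channel))
```

The match threshold is what keeps a single stray keyword, such as the word "import" in the lunch note, from triggering the source-code profile.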
Blocking the use of removable devices
One of the easiest ways employees can steal or lose confidential data is through removable devices. Because this requires no connection to the internet or the corporate network, employees can easily copy any locally stored sensitive business information onto removable devices such as USB drives, phones, or external hard drives. USB drives in particular, due to their size, are easy to hide or lose.
To prevent data exfiltration, DLP solutions offer companies the option to block the use of peripheral and USB ports as well as the connection of devices via Bluetooth. Organizations can also choose to allow the use of company-issued devices that enforce encryption and can thus guarantee that, if a USB is lost or stolen, the information on it will not be accessible to anyone without a decryption key.
Protecting corporate data on the move
Oftentimes, cybersecurity strategies focus on the protection of sensitive information while a device is connected to the corporate network. However, when devices leave the security of company offices, they become vulnerable not only to physical theft but also to an increased likelihood of unauthorized access and data loss. This is particularly relevant now that the COVID-19 pandemic has forced many companies to move their business operations to remote work.
DLP solutions, when applied on the endpoint, guarantee data security even when a device is taken out of the office and is not connected to the company network. More importantly, they continue to protect sensitive data regardless of whether a work computer has internet access or not. DLP tools can thus block the theft of trade secrets and business information such as client lists or employee data even if an individual attempts to circumvent company policies by taking a work device offline.
Monitoring corporate data
The monitoring capabilities of DLP solutions are an essential way for IT departments to detect suspicious activity. For example, an employee thinking of changing jobs and moving on to a competing company may begin transferring files containing customer information. DLP tools flag any attempts to transfer sensitive corporate information, immediately bringing the activity to the company’s attention.
Monitoring data can also help organizations identify practices that may be putting corporate data in jeopardy. Companies can then organize training to address these risks and educate employees on data security best practices.
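One way a security team might review monitoring output for the departing-employee pattern described in this section, as an added example rather than any product's own logic. The pipe-delimited log format, the field names, the 24-hour window and the limit of three events are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events in a hypothetical export format:
# timestamp|user|channel|profile|action|file
LOG = """\
2024-03-04T09:12:00|alice|email|customer_list|log|q1_accounts.csv
2024-03-11T10:05:00|alice|email|customer_list|log|q1_accounts_v2.csv
2024-03-12T17:40:00|bob|cloud_upload|customer_list|log|clients_emea.csv
2024-03-12T17:52:00|bob|usb|customer_list|block|clients_emea.csv
2024-03-12T18:03:00|bob|email|customer_list|log|clients_apac.csv
2024-03-13T08:15:00|bob|usb|customer_list|block|clients_all.zip
2024-03-13T11:30:00|carol|usb|source_code|block|build.py
"""

def parse(log):
    """Turn each log line into a dict with a parsed timestamp."""
    rows = []
    for line in log.strip().splitlines():
        ts, user, channel, profile, action, name = line.split("|")
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "channel": channel, "profile": profile,
                     "action": action, "file": name})
    return rows

def bursts(rows, profile="customer_list", window=timedelta(hours=24), limit=3):
    """Flag users with at least `limit` events for `profile` inside any window."""
    per_user = defaultdict(list)
    for r in rows:
        if r["profile"] == profile:
            per_user[r["user"]].append(r)
    flagged = {}
    for user, evs in per_user.items():
        evs.sort(key=lambda r: r["ts"])
        start = peak = 0
        for end, r in enumerate(evs):          # sliding window over sorted events
            while r["ts"] - evs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= limit:
            flagged[user] = {"peak": peak,
                             "channels": sorted({e["channel"] for e in evs}),
                             "blocked": sum(e["action"] == "block" for e in evs)}
    return flagged

if __name__ == "__main__":
    print(bursts(parse(LOG)))
```

Occasional transfers spread a week apart stay below the limit, while a cluster across several channels that continues after a block stands out for review.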