Data Loss Prevention (DLP) is something companies are devoting considerable attention to in recent years, and for good reason. DLP refers to efforts to keep confidential information from being leaked or stolen. Whether an employee sends secret documents and data to a rival or an employee accidentally exposes social security numbers on the wide open internet it’s all considered a failure of a company’s DLP efforts.
DLP seeks to protect various types of data, including data relating to regulatory compliance, intellectual property and business strategies, including potential merger and acquisition plans. Inadvertent forwarding of emails to the wrong recipients, sending customer or proprietary information to third parties for financial gain or jobs, are all targets of a DLP program.
The dimensions of DLP aren’t widely known to the public – the public still thinks that outsider attacks are the predominant way a firms’ data and information are exposed. The real problem with DLP efforts is that a company has to protect numerous avenues through which its confidential data can b e intentionally or accidentally exposed. DLP involves protecting data in all these forms: data in motion, which refers to data passing through the electronic network, data at rest which refers to data that resides on disk and tape storage and finally data at the endpoints of your enterprise, which includes data stored on external drives, USB devices, lap[tops and similar devices.
The reasons for wide spread data losses among companies are easy to see: the inherent difficulty of controlling today’s communications., which can include email, instant messaging and peer-to-[peer sites.
A comprehensive DLP strategy will protect your confidential data by monitoring communications that leave the organization, encrypting email. Complying with strong accepted security standards and enforcing very strong acceptable use policies for the company’s IT assets. The implementation of strong security standards throughout the agency will reduce the possibility for unauthorized access of critical data. A strong appropriate use policy enforcement will include policies that lay out what an illegal act is, and install barriers such as disallowing large email attachments or screening emails to certain parties.