SlideShare une entreprise Scribd logo

Why Should Your Company Have a Data Loss Prevention Plan?

Skoda Minotti
Skoda Minotti

Learn what Data loss Prevention is, how data loss prevention technology works how to choose a solution and steps for a successful data loss prevention plan for your company.

TechnologieBusiness
1  sur  7
Télécharger pour lire hors ligne
Why Should Your Company Have a Data Loss Prevention Plan? Brian Rosenfelt • What is Data Loss Prevention (DLP)? • How Data Loss Prevention Technologies Work • Choosing a Data Loss Prevention Solution • Steps for a Successful Data Loss Prevention Plan Implementation T E C H N O L O G Y P A R T N E R S Share this e-book www.skodaminotti.com | 440.449.6800 | 6685 Beta Drive Mayfield Village, C H 44143L T E OH N O O G Y P A R T N E R S
01 Introduction Data loss events happen at businesses large and small - a lot more often than many of us realize. Although some are targeted and malicious, many of these events are caused by highly trusted employees who accidentally leak intellectual property and data into commonly-used, untrusted zones (personal email addresses, USB drives, etc). It’s important to not wait until a breach occurs to implement data leakage solutions. Without a comprehensive security structure to your network, you may not even know if security breaches are occuring. We want to help you understand how your company should be protecting its most important information. The topics covered in this e-book include: • What is Data Loss Prevention (DLP)? • How Data Loss Prevention Technologies Work • Choosing a Data Loss Prevention Solution • Steps for a Successful Data Loss Prevention Plan Implementation If you are interested in learning more about data loss prevention, and the solutions that are available to protect your company’s data, I invite you to continue reading this e-book. About the Author Brian Rosenfelt, Technology Consultant - Skoda Minotti Technology Partners Brian is a principal with Skoda Minotti Technology Partners. He has 16 years of IT experience. Prior to joining the firm, he founded Computer Troubleshooters Independence, after a successful career as a controller, CFO and perations executive in various industries. Brian graduated from the University of Maryland’s Smith School of Business and holds an active CPA certificate. He also holds several telecommunication certifications, including being a Certified 3CX Consultant and FtOCC (Fonality Trixbox Open Communication Certification) from Fonality. He is a member of the American Institute and Ohio Society of Certified Public Accountants, the Society for Human Resource Management and the Northeast Ohio Software Association. He also spends time volunteering with Cleveland Social Venture Partners and the Jewish Community Federation. Share this e-book T E C H N O L O G Y P A R T N E R S
02 What is Data Loss Prevention (DLP)? To understand the importance of data loss prevention for your company, I think it’s important that you first understand what data loss prevention is and the different kinds of data your company needs to protect. Data loss prevention is a buzz word that’s quickly growing in popularity in the information technology world. Put simply, data loss prevention refers to systems and procedures that enable organizations to reduce the corporate risk of the unintentinal disclosure of confidential data. It may seem like a simple concept, but the leakage of your company’s intellectual property and/or confidential data could cost you in the ways of financial loss and fines brand damage, and more. To help you understand how you can protect it, you need to know where your data lives. There are three kinds of data and this should help you understand each of them: 1. Data at Rest - To understand this concept, you can ask yourself, “Where is my confidential data stored?” This can be any data that is stored on file servers, databases, backup drives, mail servers, etc. 2. Data in Motion - Here, you can ask yourself, “Where is my confidential data going?” This can be any data that is moving throughout the network (especially from inside the network to outside the network via the Internet). 3. Data in Use - To best understand this concept, ask yourself, “What individual devices have access to confidential data?” This can be any data that resides on end-user devices such as workstations, laptops, tablets, Smartphones, external drives and other mobile devices. It’s important to understand that a good data loss prevention solution will provide monitoring and protection for all three categories of data. “It may seem like a simple concept, but the leakage of your company’s intellectual property and/or confidential data could cost you in the ways of financial loss and fines, brand damage and more.” Share this e-book T E C H N O L O G Y P A R T N E R S
03 How Data Loss Prevention Technologies Work So, we’ve talked about what data loss prevention is. And, maybe your company does need help implementing a plan. But, you want to better understand exactly how it works before you implement a plan of your own. We can help you with that. Remember the three kinds of data we discussed earlier? 1. Data in Motion 2. Data at Rest 3. Data in Use And, also remember, that we also mentioned a good DLP solution would protect all three types. Here’s how an effective data loss prevention solution works to protect each type of data: First, the solution must be able to monitor the network to ensure that “Data in Motion” is protected against unauthorized transfers. One example is employees emailing sensitive files to themselves using public webmail services like Gmail, Yahoo, AOL, etc. Second, the solution should be able to monitor all file storage locations “Data at Rest” and ensure users aren’t manipulating that data in a way that violates the data loss prevention policy. For example, preventing employees from copying data from a file share to a USB drive. Finally, the solution should have an “agent” component that can be installed to protect the “Data in Use” on end user devices, such as workstations and laptops to ensure that policies aren’t violated, even when those devices are outside of the corporate network. Above all, the most important piece to a functional data loss prevention plan comes in educating the employees of your organization, so that they know and understand that they are responsible for ensuring its ‘health and safety’. Helping them to understand this concept, and explaining the ways your policy will work to do just that, can be instrumental to your data loss prevention plan’s success. Share this e-book T E C H N O L O G Y P A R T N E R S
04 Choosing a Data Loss Prevention Solution If you didn’t know you need a data loss prevention plan before - you do now. Let’s give you a few more reasons why you should have one. The obvious reason - To protect against intentional and unintentional data leakage. Above that, going through the process of creating a data loss prevention plan and policy gives your company intelligence as to where and how your data really is being stored, moved and used. Lastly, implementing a solution can help identify areas for process improvement (e.g. a developer sending source code to a home computer to work with because they didn’t have the resources they need in your office). Here are a handful of questions that you can ask your provider when choosing your data loss prevention solution: Where does the product look for data across your network? Does it find sensitive data just traveling your network, on your database and file servers, or does it look at data on local desktops? Can the data loss prevention agents accomplish other security-related things on the endpoints? Some vendors can turn off USB connectors to block someone with a thumb drive from walking away with all of your customer data in their pocket. Others can control which applications can and can’t be run on your workstations, laptops or even tablets. What protocols can be blocked or analyzed? Just protocols involving email (SMTP, POP and IMAP)? What about file transfer technologies or instant messaging? How hard is it to create – and then change – the data loss prevention rules? A DLP tool is only as good as its ability to have rules updated easily over time. Can your IT staff (or outsourced provider) easily update rules as new threats are identified or company policies updated? What happens when a rule is broken? Can you figure out who violated the policy, where the offending information is stored, and what kinds of automated responses can be sent? Does the product come with pre-defined templates to make all of this easier? Is the content analysis portion a separate or integrated piece of the product? In some cases, such as McAfee’s data loss prevention solution, you are going to need several different products to be installed to enable a complete solution. What kinds of reports are available, and are they easy to understand? Does the product offer any real-time reporting capabilities, and how flexible are these reports? Share this e-book T E C H N O L O G Y P A R T N E R S
05 Steps for a Successful Data Loss Prevention Plan Implementation So, you’ve decided to implement a data loss prevention plan. Once you have the systems in place to begin monitoring the data within your organization, here are some steps that you can take, internally, to implement a successful DLP solution: 1. Identify Key Participants – Assemble those that should be involved internally when you identify data loss. Participants may include IT, HR, and operations employees. Identify the individuals and meet with them to work out what situations they will need to be involved in. 2. Develop a Notification Process – Do you have processes ready if a regulated data breach occurs? Who will be notified? Is your legal or compliance team ready to meet requirements, such as breach notification laws? Get your compliance people in the loop and have them write the process with you. 3. Fix Broken Business and Weak Processes – Assume that you will find broken business processes, like automated file transfers to partners in clear text over the internet instead of encrypted or over private line. You’ll spend time getting these fixed. 4. Create a Plan for Handling Theft – Talk with HR to establish a process if you uncover insider theft. Give HR a heads up and involve them in the roll-out. The insider may be at a senior level, so consider that, as well. 5. Establish the Response Team and Workflow – Map out your incident handling and resolution process, as a flowchart. Who will be on the incident handling team? In larger organizations you might have: First level reviewer (making sure the incident is properly classified with the right severity-typical in large enterprises), IT, Security, Compliance, HR. 6. Set a Timeline for Incident Resolution – Set goals for making sure incidents are handled in a timely manner. • First level review of all incidents within x amount of time • Resolve all high severity incidents within y amount of time • Close all incidents within z amount of time (resolving incidents within 2 hours) Share this e-book T E C H N O L O G Y P A R T N E R S
06 Steps for a Successful Data Loss Prevention Plan Implementation (cont.) 7. Establish Reporting and Automate – How are you going to track things? Decide what reports you’ll need to have and who should get them. Set up scheduled reports so that you know what is happening and that your team is resolving incidents within your timeline. Reports for: • Incidents Created • Incidents Closed • Open Incidents Status – by age, severity, owner • A report sorted by the type of data or by policy that was violated • Summary reports for your CSO or execs 8. Plan Roll-Out Stages – It’s important to plan your roll-out in stages rather than trying to attach the problem all at once. • Select data and policies to be implemented in stages, e.g. first the customer billing database for PCI violations, then the next set of data and policies for state privacy regulations, then company IP data and policies. • Roll-out and test your policies in a monitor only mode, to set a baseline. But you have to be prepared for a sig- nificant breach to happen. That’s why we advise people to anticipate data loss and prepare for it in advance. • Decide when you will have the solution notify end users and what you expect of them. Use this for user educa- tion about your polices on data handling. You can expect to see the number of incidents drop as users are notified on each violation. Set up your reporting ahead of time so you can track. For a no-risk analysis of your company’s data, or to simply meet and discuss your company’s data loss prevention needs, give our Technology Partners group a call at 440-449-6800. Share this e-book T E C H N O L O G Y P A R T N E R S

Recommandé

Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
Symantec
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
Arrow ECS UK
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
"Disaster Risk Reducion DRR
"Disaster Risk Reducion DRR "Disaster Risk Reducion DRR
"Disaster Risk Reducion DRR
Ahmed-Refat Refat
 
Ceph Introduction 2017
Ceph Introduction 2017 Ceph Introduction 2017
Ceph Introduction 2017
Karan Singh
 
Data Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingData Loss Prevention: Brainstorming
Data Loss Prevention: Brainstorming
Dr. Lydia Kostopoulos
 
Navigating Tomorrow's Tax Landscape - 2020
Navigating Tomorrow's Tax Landscape - 2020Navigating Tomorrow's Tax Landscape - 2020
Navigating Tomorrow's Tax Landscape - 2020
Skoda Minotti
 
Elevate 2019: Business Leader Slides
Elevate 2019: Business Leader SlidesElevate 2019: Business Leader Slides
Elevate 2019: Business Leader Slides
Skoda Minotti
 

Recommandé

Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
Symantec
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
Arrow ECS UK
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
Sarfaraz Chougule
 
"Disaster Risk Reducion DRR
"Disaster Risk Reducion DRR "Disaster Risk Reducion DRR
"Disaster Risk Reducion DRR
Ahmed-Refat Refat
 
Ceph Introduction 2017
Ceph Introduction 2017 Ceph Introduction 2017
Ceph Introduction 2017
Karan Singh
 
Data Loss Prevention: Brainstorming
Data Loss Prevention: BrainstormingData Loss Prevention: Brainstorming
Data Loss Prevention: Brainstorming
Dr. Lydia Kostopoulos
 
Navigating Tomorrow's Tax Landscape - 2020
Navigating Tomorrow's Tax Landscape - 2020Navigating Tomorrow's Tax Landscape - 2020
Navigating Tomorrow's Tax Landscape - 2020
Skoda Minotti
 
Elevate 2019: Business Leader Slides
Elevate 2019: Business Leader SlidesElevate 2019: Business Leader Slides
Elevate 2019: Business Leader Slides
Skoda Minotti
 
Elevate 2019: Financial Professional Slides
Elevate 2019: Financial Professional SlidesElevate 2019: Financial Professional Slides
Elevate 2019: Financial Professional Slides
Skoda Minotti
 
Smart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv SessionSmart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv Session
Skoda Minotti
 
Managing Risk
Managing RiskManaging Risk
Managing Risk
Skoda Minotti
 
Navigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of CryptocurrenciesNavigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of Cryptocurrencies
Skoda Minotti
 
Performance and Rewards
Performance and RewardsPerformance and Rewards
Performance and Rewards
Skoda Minotti
 
Non-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private CompaniesNon-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private Companies
Skoda Minotti
 
ABC Presents: Interviewing Skills
ABC Presents: Interviewing SkillsABC Presents: Interviewing Skills
ABC Presents: Interviewing Skills
Skoda Minotti
 
Valuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell AgreementsValuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell Agreements
Skoda Minotti
 
ABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top TalentABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top Talent
Skoda Minotti
 
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and AcquisitionsState and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
Skoda Minotti
 
Future-Proofing Your Business with Technology
Future-Proofing Your Business with TechnologyFuture-Proofing Your Business with Technology
Future-Proofing Your Business with Technology
Skoda Minotti
 
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re HeadedManufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Skoda Minotti
 
Recruiting and Retaining Top Talent
Recruiting and Retaining Top TalentRecruiting and Retaining Top Talent
Recruiting and Retaining Top Talent
Skoda Minotti
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
Skoda Minotti
 
Understanding Medicare
Understanding MedicareUnderstanding Medicare
Understanding Medicare
Skoda Minotti
 
Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019
Skoda Minotti
 
Business Valuation Basics
Business Valuation BasicsBusiness Valuation Basics
Business Valuation Basics
Skoda Minotti
 
The Importance of State and Local Tax Nexus
The Importance of State and Local Tax NexusThe Importance of State and Local Tax Nexus
The Importance of State and Local Tax Nexus
Skoda Minotti
 
Using a Forensic CPA for Lawyers
Using a Forensic CPA for LawyersUsing a Forensic CPA for Lawyers
Using a Forensic CPA for Lawyers
Skoda Minotti
 
Navigating Tomorrow's Tax Landscape
Navigating Tomorrow's Tax LandscapeNavigating Tomorrow's Tax Landscape
Navigating Tomorrow's Tax Landscape
Skoda Minotti
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Contenu connexe

Plus de Skoda Minotti

Plus de Skoda Minotti (20)

Elevate 2019: Financial Professional Slides
Elevate 2019: Financial Professional SlidesElevate 2019: Financial Professional Slides
Elevate 2019: Financial Professional Slides
 
Smart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv SessionSmart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv Session
 
Managing Risk
Managing RiskManaging Risk
Managing Risk
 
Navigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of CryptocurrenciesNavigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of Cryptocurrencies
 
Performance and Rewards
Performance and RewardsPerformance and Rewards
Performance and Rewards
 
Non-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private CompaniesNon-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private Companies
 
ABC Presents: Interviewing Skills
ABC Presents: Interviewing SkillsABC Presents: Interviewing Skills
ABC Presents: Interviewing Skills
 
Valuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell AgreementsValuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell Agreements
 
ABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top TalentABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top Talent
 
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and AcquisitionsState and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
 
Future-Proofing Your Business with Technology
Future-Proofing Your Business with TechnologyFuture-Proofing Your Business with Technology
Future-Proofing Your Business with Technology
 
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re HeadedManufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
 
Recruiting and Retaining Top Talent
Recruiting and Retaining Top TalentRecruiting and Retaining Top Talent
Recruiting and Retaining Top Talent
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
Understanding Medicare
Understanding MedicareUnderstanding Medicare
Understanding Medicare
 
Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019
 
Business Valuation Basics
Business Valuation BasicsBusiness Valuation Basics
Business Valuation Basics
 
The Importance of State and Local Tax Nexus
The Importance of State and Local Tax NexusThe Importance of State and Local Tax Nexus
The Importance of State and Local Tax Nexus
 
Using a Forensic CPA for Lawyers
Using a Forensic CPA for LawyersUsing a Forensic CPA for Lawyers
Using a Forensic CPA for Lawyers
 
Navigating Tomorrow's Tax Landscape
Navigating Tomorrow's Tax LandscapeNavigating Tomorrow's Tax Landscape
Navigating Tomorrow's Tax Landscape
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Dernier (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Why Should Your Company Have a Data Loss Prevention Plan?

  • 1. Why Should Your Company Have a Data Loss Prevention Plan? Brian Rosenfelt • What is Data Loss Prevention (DLP)? • How Data Loss Prevention Technologies Work • Choosing a Data Loss Prevention Solution • Steps for a Successful Data Loss Prevention Plan Implementation T E C H N O L O G Y P A R T N E R S Share this e-book www.skodaminotti.com | 440.449.6800 | 6685 Beta Drive Mayfield Village, C H 44143L T E OH N O O G Y P A R T N E R S
  • 2. 01 Introduction Data loss events happen at businesses large and small - a lot more often than many of us realize. Although some are targeted and malicious, many of these events are caused by highly trusted employees who accidentally leak intellectual property and data into commonly-used, untrusted zones (personal email addresses, USB drives, etc). It’s important to not wait until a breach occurs to implement data leakage solutions. Without a comprehensive security structure to your network, you may not even know if security breaches are occuring. We want to help you understand how your company should be protecting its most important information. The topics covered in this e-book include: • What is Data Loss Prevention (DLP)? • How Data Loss Prevention Technologies Work • Choosing a Data Loss Prevention Solution • Steps for a Successful Data Loss Prevention Plan Implementation If you are interested in learning more about data loss prevention, and the solutions that are available to protect your company’s data, I invite you to continue reading this e-book. About the Author Brian Rosenfelt, Technology Consultant - Skoda Minotti Technology Partners Brian is a principal with Skoda Minotti Technology Partners. He has 16 years of IT experience. Prior to joining the firm, he founded Computer Troubleshooters Independence, after a successful career as a controller, CFO and perations executive in various industries. Brian graduated from the University of Maryland’s Smith School of Business and holds an active CPA certificate. He also holds several telecommunication certifications, including being a Certified 3CX Consultant and FtOCC (Fonality Trixbox Open Communication Certification) from Fonality. He is a member of the American Institute and Ohio Society of Certified Public Accountants, the Society for Human Resource Management and the Northeast Ohio Software Association. He also spends time volunteering with Cleveland Social Venture Partners and the Jewish Community Federation. Share this e-book T E C H N O L O G Y P A R T N E R S
  • 3. 02 What is Data Loss Prevention (DLP)? To understand the importance of data loss prevention for your company, I think it’s important that you first understand what data loss prevention is and the different kinds of data your company needs to protect. Data loss prevention is a buzz word that’s quickly growing in popularity in the information technology world. Put simply, data loss prevention refers to systems and procedures that enable organizations to reduce the corporate risk of the unintentinal disclosure of confidential data. It may seem like a simple concept, but the leakage of your company’s intellectual property and/or confidential data could cost you in the ways of financial loss and fines brand damage, and more. To help you understand how you can protect it, you need to know where your data lives. There are three kinds of data and this should help you understand each of them: 1. Data at Rest - To understand this concept, you can ask yourself, “Where is my confidential data stored?” This can be any data that is stored on file servers, databases, backup drives, mail servers, etc. 2. Data in Motion - Here, you can ask yourself, “Where is my confidential data going?” This can be any data that is moving throughout the network (especially from inside the network to outside the network via the Internet). 3. Data in Use - To best understand this concept, ask yourself, “What individual devices have access to confidential data?” This can be any data that resides on end-user devices such as workstations, laptops, tablets, Smartphones, external drives and other mobile devices. It’s important to understand that a good data loss prevention solution will provide monitoring and protection for all three categories of data. “It may seem like a simple concept, but the leakage of your company’s intellectual property and/or confidential data could cost you in the ways of financial loss and fines, brand damage and more.” Share this e-book T E C H N O L O G Y P A R T N E R S
  • 4. 03 How Data Loss Prevention Technologies Work So, we’ve talked about what data loss prevention is. And, maybe your company does need help implementing a plan. But, you want to better understand exactly how it works before you implement a plan of your own. We can help you with that. Remember the three kinds of data we discussed earlier? 1. Data in Motion 2. Data at Rest 3. Data in Use And, also remember, that we also mentioned a good DLP solution would protect all three types. Here’s how an effective data loss prevention solution works to protect each type of data: First, the solution must be able to monitor the network to ensure that “Data in Motion” is protected against unauthorized transfers. One example is employees emailing sensitive files to themselves using public webmail services like Gmail, Yahoo, AOL, etc. Second, the solution should be able to monitor all file storage locations “Data at Rest” and ensure users aren’t manipulating that data in a way that violates the data loss prevention policy. For example, preventing employees from copying data from a file share to a USB drive. Finally, the solution should have an “agent” component that can be installed to protect the “Data in Use” on end user devices, such as workstations and laptops to ensure that policies aren’t violated, even when those devices are outside of the corporate network. Above all, the most important piece to a functional data loss prevention plan comes in educating the employees of your organization, so that they know and understand that they are responsible for ensuring its ‘health and safety’. Helping them to understand this concept, and explaining the ways your policy will work to do just that, can be instrumental to your data loss prevention plan’s success. Share this e-book T E C H N O L O G Y P A R T N E R S
  • 5. 04 Choosing a Data Loss Prevention Solution If you didn’t know you need a data loss prevention plan before - you do now. Let’s give you a few more reasons why you should have one. The obvious reason - To protect against intentional and unintentional data leakage. Above that, going through the process of creating a data loss prevention plan and policy gives your company intelligence as to where and how your data really is being stored, moved and used. Lastly, implementing a solution can help identify areas for process improvement (e.g. a developer sending source code to a home computer to work with because they didn’t have the resources they need in your office). Here are a handful of questions that you can ask your provider when choosing your data loss prevention solution: Where does the product look for data across your network? Does it find sensitive data just traveling your network, on your database and file servers, or does it look at data on local desktops? Can the data loss prevention agents accomplish other security-related things on the endpoints? Some vendors can turn off USB connectors to block someone with a thumb drive from walking away with all of your customer data in their pocket. Others can control which applications can and can’t be run on your workstations, laptops or even tablets. What protocols can be blocked or analyzed? Just protocols involving email (SMTP, POP and IMAP)? What about file transfer technologies or instant messaging? How hard is it to create – and then change – the data loss prevention rules? A DLP tool is only as good as its ability to have rules updated easily over time. Can your IT staff (or outsourced provider) easily update rules as new threats are identified or company policies updated? What happens when a rule is broken? Can you figure out who violated the policy, where the offending information is stored, and what kinds of automated responses can be sent? Does the product come with pre-defined templates to make all of this easier? Is the content analysis portion a separate or integrated piece of the product? In some cases, such as McAfee’s data loss prevention solution, you are going to need several different products to be installed to enable a complete solution. What kinds of reports are available, and are they easy to understand? Does the product offer any real-time reporting capabilities, and how flexible are these reports? Share this e-book T E C H N O L O G Y P A R T N E R S
  • 6. 05 Steps for a Successful Data Loss Prevention Plan Implementation So, you’ve decided to implement a data loss prevention plan. Once you have the systems in place to begin monitoring the data within your organization, here are some steps that you can take, internally, to implement a successful DLP solution: 1. Identify Key Participants – Assemble those that should be involved internally when you identify data loss. Participants may include IT, HR, and operations employees. Identify the individuals and meet with them to work out what situations they will need to be involved in. 2. Develop a Notification Process – Do you have processes ready if a regulated data breach occurs? Who will be notified? Is your legal or compliance team ready to meet requirements, such as breach notification laws? Get your compliance people in the loop and have them write the process with you. 3. Fix Broken Business and Weak Processes – Assume that you will find broken business processes, like automated file transfers to partners in clear text over the internet instead of encrypted or over private line. You’ll spend time getting these fixed. 4. Create a Plan for Handling Theft – Talk with HR to establish a process if you uncover insider theft. Give HR a heads up and involve them in the roll-out. The insider may be at a senior level, so consider that, as well. 5. Establish the Response Team and Workflow – Map out your incident handling and resolution process, as a flowchart. Who will be on the incident handling team? In larger organizations you might have: First level reviewer (making sure the incident is properly classified with the right severity-typical in large enterprises), IT, Security, Compliance, HR. 6. Set a Timeline for Incident Resolution – Set goals for making sure incidents are handled in a timely manner. • First level review of all incidents within x amount of time • Resolve all high severity incidents within y amount of time • Close all incidents within z amount of time (resolving incidents within 2 hours) Share this e-book T E C H N O L O G Y P A R T N E R S
  • 7. 06 Steps for a Successful Data Loss Prevention Plan Implementation (cont.) 7. Establish Reporting and Automate – How are you going to track things? Decide what reports you’ll need to have and who should get them. Set up scheduled reports so that you know what is happening and that your team is resolving incidents within your timeline. Reports for: • Incidents Created • Incidents Closed • Open Incidents Status – by age, severity, owner • A report sorted by the type of data or by policy that was violated • Summary reports for your CSO or execs 8. Plan Roll-Out Stages – It’s important to plan your roll-out in stages rather than trying to attach the problem all at once. • Select data and policies to be implemented in stages, e.g. first the customer billing database for PCI violations, then the next set of data and policies for state privacy regulations, then company IP data and policies. • Roll-out and test your policies in a monitor only mode, to set a baseline. But you have to be prepared for a sig- nificant breach to happen. That’s why we advise people to anticipate data loss and prepare for it in advance. • Decide when you will have the solution notify end users and what you expect of them. Use this for user educa- tion about your polices on data handling. You can expect to see the number of incidents drop as users are notified on each violation. Set up your reporting ahead of time so you can track. For a no-risk analysis of your company’s data, or to simply meet and discuss your company’s data loss prevention needs, give our Technology Partners group a call at 440-449-6800. Share this e-book T E C H N O L O G Y P A R T N E R S