Preventing Data Leaks Before They Occur, Part III

Security | 2 minutes read | Sep 29th, 2011

As I said in my last blog post (Preventing Data Leaks Before They Occur, Part II), there are several access controls to consider that protect data:

  • Proactive scanning of all endpoints to ensure that viruses and other malware are not installed on the systems and affecting their operation.
  • Enforcement of compliance with policy at the network access points to stop non-compliant systems from accessing the network.  A VPN tunnel should not be created if all the protections are not active on the endpoint.
  • Use encryption at your endpoints to ensure data is protected.  Use AES-256 or above encryption.  This includes portable media.  If you do not have an enterprise endpoint encryption solution, consider implementing BitLocker during your Windows 7 migration.
  • Scan inbound and outbound emails and attachments for viruses and inappropriate content.  Ensure that IRM-controlled data is not leaving when it should be protected.

Ensure users understand the policies governing corporate-issued endpoints.  Users need to understand that the data on the device can be wiped at any time a security violation is suspected.  Users cannot assume any personal data on the devices will be saved.  (When it comes to Bring Your Own Device, this is much harder. Read more about Unisys policy and how we manage this.)

Part of the user training needs to include social media policies.  Users must understand what is expected when they interact with Facebook, Twitter or other sites from work or on a corporate/agency device.  They should also be trained on what they can place on those sites and what information they can enter.  The corporate/agency-specific policies should be enforced for these sites, which may include blocking them from internal locations.

The above is a good overview of what to consider when establishing an environment for data loss prevention.  Not all organizations will be able to accomplish all the steps discussed, but getting started and maintaining consistent policy enforcement are key to success.
