What is Data Loss Prevention(DLP)?

Data Loss Prevention (DLP) is a set of tools and processes that help prevent sensitive business data from leaking out due to user negligence. mishandling of data or even malicious intent while complying with the data protection regulations in force (Law 25 in Quebec).

Data can leave the enterprise through two main groups of channels: local channels (eg devices such as printers and USB drives) and network channels (eg email, web and social networks). Although some DLP solutions only monitor network streams, it is best to monitor both local and network channels to ensure effective data loss prevention.

In this article we will see how data loss prevention (DLP) works, what types of threats are related to it, what are the best practices in this area and what types of solutions are there.

How DLP works :

DLP related tools take the form of encryption, detection. They can also take the form of preventive measures and machine learning to assess users’ risk scores. DLP solutions use data classification labels and tags, content inspection techniques, and contextual analytics to identify sensitive content and analyze actions related to the use of that content.

The most complex thing is to identify sensitive data, because it can exist in different states in the company’s infrastructure. We identify 3 types of data:

• Data in use (users interact with it. DLP can monitor and report unauthorized activity such as screenshots, copy-and-paste or print operations involving sensitive data)
• Data in motion (it is transmitted via the internal network, secure or the public internet)
• Data at rest (it is stored in a database, in a file system or a backup infrastructure)

What are the types of threat related to DLP?

We identify 6 types of threats that can compromise sensitive data:

• Cyberattacks (deliberate and malicious attempt to gain unauthorized access to computer systems and thus steal, modify or destroy data)
• Malware (usually disguised as an attachment or trusted program that conceals spyware, viruses)
• Internal risks (usually people who have unregulated access to sensitive data)
• Unintended exposure (This can happen when employees respond to a phishing attack or are unaware of the organization’s cybersecurity policies.)
• Phishing (fraudulent emails on behalf of reputable companies or other trustworthy sources with a virus inside the email, usually as an attachment)
• Ransomware (a type of malware that threatens to destroy or block access to critical data or systems until a ransom is paid)

What are the best practices for having a good DLP?

Best practices for having a good DLP encompass technology, process control, and employee awareness. It is important to identify and classify sensitive data, to use data encryption, to secure your systems, but also to set up your DLP in phases with the assignment of roles and hierarchical level in access to data. Also, automate your DLP process and above all, educate your employees about data protection in your organization.

What are the existing solutions to DLP?

In 2023, the observation is simple, you must have a DLP in your company. The question is no longer if data loss will occur but when it will occur. Here are 6 possible solutions to have a good DLP:

• Microsoft Azure PureView for Office 365 & Azure
• Analysis of user behavior
• Safety education and awareness
• Data encryption
• Data classification
• Cloud Access Security Broker (CASB) Software
• Insider Risk Management Software

If you want to go deeper into the subject, and see if you are well configured at the DLP level in your company, do not hesitate to contact us.