Apart from exposing the fragility of our species and systems, the recent Covid-19 pandemic also reminded us of the risks, consequences and financial losses that come with the disruption of business.
As organizations large and small suddenly grow even more reliant on technology, proper business continuity and data loss prevention strategies become essential pillars that prevent both hiccups and major crises in IT departments.
As Covid-19 keeps reshaping our global business and economy, one of the priorities when outlining your business continuity strategy is to detect potential causes of data loss and prevent them appropriately.
Here are the top 5 data loss prevention (DLP) strategies that organizations should implement, regardless of their size or the industry in which they operate.
1. Map and classify your data
One of the major issues that organizations face is that their data is spread across multiple systems – some of it may be on Google Drive, Dropbox or other cloud storage services.
Other data could be on local servers or local storage devices that employees keep in their drawers or desks (flash drives, external storage drives etc.).
Finally, there’s communication data like email, Slack, Skype, Zoom, WhatsApp or any similar chat/video apps that businesses are using for official communication.
Organizations should identify all the channels in which the data resides and then focus on the protection of business-critical, sensitive or regulated data like social security numbers, medical records, credit card information, intellectual property, strategic plans or financial data. Next, they need to devise a data protection strategy that relies both on policies (such as an email retention policy) and technology.
In their data prevention efforts, organizations should prioritize the most sensitive and valuable data, as they are most likely to be the target of attackers and scams.
2. Choose the right hardware and plan for redundancy
There are many ways in which hardware can fail. As a matter of fact, hardware failure accounts for more than 40% of data loss cases. Some of the most common causes of hardware failure include damage by impact, electrical spikes, electrostatic discharge, dust, overheating and hard disk degradation.
Organizations can prevent hardware failure by:
- investing into enterprise-grade hardware (server-grade chipsets, ECC RAM, SAS hard drives),
- ensuring hardware and network redundancy (RAID, ZFS, redundant PSU) and
- paying attention to EOL for the hardware.
Of all natural disasters (which are generally rare and account for only about 5% of all data loss cases) hurricanes are the worst. With 24 major hurricanes since 2017 and 6 storms in 2020 already, it’s no wonder that water damage is the first natural enemy in offices across the south and east coast of the US.
Floods, earthquakes and fires are data loss causes that can’t be prevented or predicted with certainty – the only thing you can do is back up all critical data frequently and in multiple locations.
3. Educate employees to minimize human error
The human factor plays a prominent role in corporate data loss. Be it recklessness, accidental sharing, theft or espionage, insider threats account for 39% of corporate data loss cases.
Most insider threats are non-malicious – these are people who violate data protection and compliance policies unintentionally. A common example is a dedicated employee who copies a confidential document to their personal usb drive to be able to carry on working from home over the weekend, totally unaware that their actions could result in breaches or loss.
Malicious insiders are typically high-level executives or IT professionals with privileges who are willing to sell the data or compromise the company if wronged.
According to CIOs and CISOs, nothing is worse than finding out that a company laptop got stolen or lost, or having employees accessing and sharing business-critical documents and information via personal mobile devices that lack proper security protocols.
To prevent such scenarios, make sure you predict possible leakage opportunities, evaluate the potential damage and educate your employees. The first step towards preventing and mitigating data loss caused by human error and employee misconduct is to create appropriate policies and guidelines, re-evaluate them regularly and train your employees.
4. Invest in security, then automate
Any data loss protection program essentially relies on network, email and business IT security, so hiring an expert and adopting a DLP tool to help with automation should be considered a priority.
Organizations need to implement network-based security and encrypt data at rest and in transit. Data is especially susceptible to threats while in transit – a good example of this is an online transaction or attaching a document to an email.
Apart from encryption, several other processes need to be established – there should be a list of third-party software or websites that are permitted or prohibited, followed by a clearly defined data flow process to specify how enterprise data is created, modified, copied, shared and deleted.
Finally, organizations should try to automate these processes as much as possible in order to facilitate everyday use and standardize employee behavior. Many data loss protection solutions can respond when they anticipate threats and block them automatically.
5. Retain and limit access to data appropriately
Enterprise information archiving is an essential part of any data loss protection program. Until recently covering mostly email, but now encompassing many other communication channels (WhatsApp, social media, text messages, calls), data archiving has numerous benefits.
Archiving solutions take the pressure off of email servers, make sure organizations have a centralized, searchable repository of all communications and act as ediscovery support by letting teams prevent data deletion or evidence spoliation when litigation is anticipated.
Archiving software indexes and feeds all incoming, outgoing and internal messages into an archive, which also helps take the pressure off individual employees, who can freely delete email from their mailboxes without worrying.
On the other hand, compliance officers and IT staff can set rules and policies to:
- meet compliance requirements,
- establish levels of protection,
- control access to data,
- view end users’ activity trail to check on suspicious activity and
- prevent any accidental or purposeful data manipulation or loss.
All things considered, any data loss protection program needs to include these five best practices and build on them based on the unique needs, size and nature of the organization in question.
If you follow these tips and invest enough time in policies, training and choosing the right technology, you should be covered from most data loss scenarios.
Jatheon is a global leader in enterprise information archiving, with 16 years of experience in providing on-premise, cloud and virtual archiving solutions to regulated industries in the US and beyond. To learn how you can gain control over your business data with Jatheon, and prevent data loss, contact us or book a personal demo.
Read Next:Email Archiving: Retention Policy Best Practices Ediscovery and Email Archiving: Is Your Organization Ready? |
