Data Loss Prevention (DLP): What is it and why should you be thinking about it

Written By Emilio Vancheri

It's a fact of life that being proactive will always be more effective than being reactive (in cases where it's possible). So, how can we apply that to our organisation when it comes to security? We can be proactive in our security monitoring, leveraging SIEM solutions and SOC capabilities to provide insights on our environment and prevent attacks at the source. We can utilise vulnerability management to minimise our exposure and limit the attack vectors we are susceptible to. There is, however, one method which has been growing in popularity amid today's work-from-home culture - can you guess what it is?

Correct - it's DLP (I knew you had it in you!)

What is it?

For any newcomers to the cyber security space (or if you simply aren't already familiar), DLP (Data Loss Prevention) is the practice of preventing the loss of data from your company by using controls and security features. It comprises tools and methods that focus on data security, such as:

  • Document / E-mail labelling (sensitive information, confidential etc.)
  • Document sharing controls
  • Access / rights management
  • Data retention policies
  • Data archiving policies

Why Does it Matter?

Recently, the PSNI (Police Service of Northern Ireland) suffered a data leak that could have been prevented by proper implementation of DLP. On August 3rd 2023, the PSNI received a Freedom of Information (FoI) request from a member of the public: "Could you provide the number of officers at each rank and number of staff at each grade?"

Instead of sending the requested information, the source data was mistakenly shared in the form of a highly sensitive Excel workbook which contained the Personally Identifiable Information (PII) of around 10,000 employees. This is a common case of user error; however, with the right DLP solution in place, mistakes like this can be avoided.

Although it's impossible to say for certain, solutions like Microsoft DLP can auto-label documents as sensitive if they include information that your business / organisation deems sensitive, such as names, identification numbers, addresses, etc. Labelled documents are then controlled by policies that limit how they can be shared, and those policies can block any attempt to publish data if it is forbidden. Lawyer and data protection expert Ibra-Him Hasan claims:

"It's a training issue, it's an awareness issue, but also just people checking each other's work to ensure they haven't inadvertently disclosed the background information."

Whilst this is true, there are technical solutions that can be put in place to prevent such data leaks. These solutions not only act to prevent, but also to increase awareness around sensitive documents and information.

How can you protect yourself?

According to research carried out on current market trends, the market for DLP is set to grow around 23.78% annually.

This indicates that there will be newly emerging solutions, methods, and techniques available to businesses to further improve their DLP posture. However, proper implementation may not be as easy as it seems - according to a report published by Gartner, around 35% of DLP implementations fail.

Worry not, though, my data-conscious readers. Here are 5 tips to help implement robust DLP:

  1. Scope appropriately: One of the symptoms of improper DLP roll out is disruption to business practices. Policies in place could be incorrectly marking documents and emails, blocking access to certain documents, and creating a lot of noise for any SOC services in the form of false positive alerts. Properly scoping your environment is key to identifying which solutions will suit your organisation best. Depending on the solution, you can then build policies and start generating awareness around roll out.
  2. Prepare for a long journey ahead: Like many things in life, good things require patience. DLP implementation can take a long time, depending on the solutions and methods you want to use within your organisation, and can require a lot of preparatory work. Take Microsoft's Trainable Classifiers as an example - it can take around 33 days (about 1 month) to create a trainable classifier for a type of document (legal, financial etc.) and will require around 200 sample documents. Once trained, it will automatically classify documents and therefore apply sensitivity labels, retention labels, and communication compliance policies.
  3. Prioritise by risk: As there are so many options when choosing a set of DLP solutions, it can be difficult to prioritise which should be deployed first. Identify your organisation's highest risk areas and start there. For example, it may be that your organisation shares a lot of information with clients via SharePoint. In that case, you would prioritise tightening controls on what can be shared with whom, and how data is presented via policies controlled in your DLP solution of choice.
  4. Roll out in a staged approach: As DLP can be disruptive, you want to ensure you are minimising the impact the DLP policies and settings could potentially have on users. Roll out the policies to a group of test users first, and generate some feedback to make improvements. Alternatively, if your solution allows it, run the policies in test mode and record the results over a 30-day period.
  5. Be ready for evolution: Once DLP is in place, you will always be looking to refine it and add to it. Be prepared to manage a system that will require changes and fine-tuning in line with developments in your organisation.
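
The auto-labelling and sharing controls described earlier, together with the test-mode roll out in tip 4, can be sketched as follows. This is an added example, not code from the article or from any DLP product; the detector patterns, the threshold, the domains and the sample data are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed detectors for this sketch; a real DLP product ships tuned
# sensitive-information types with checksums and proximity keywords.
DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "uk_nino": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
    "uk_postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b"),
}

@dataclass
class Verdict:
    label: str                  # label the content was given
    allowed: bool               # whether the share goes ahead
    audit_event: Optional[str]  # what the SOC would see, if anything

def classify(text, min_hits=3):
    """Label text 'Confidential' once distinct detector matches reach min_hits."""
    hits = {name: set(rx.findall(text)) for name, rx in DETECTORS.items()}
    total = sum(len(found) for found in hits.values())
    return ("Confidential" if total >= min_hits else "General"), hits

def evaluate_share(text, recipient, internal_domain, mode="test"):
    """Sharing rule: Confidential content must not leave the organisation.

    mode="test" records what would have been blocked without disrupting
    users; mode="enforce" actually blocks the share.
    """
    label, hits = classify(text)
    external = not recipient.lower().endswith("@" + internal_domain)
    if label != "Confidential" or not external:
        return Verdict(label, True, None)
    counts = {name: len(found) for name, found in hits.items() if found}
    event = f"{mode}: Confidential -> {recipient} {counts}"
    return Verdict(label, mode != "enforce", event)

# Constructed sample data: a source export with PII and the summary that
# should have been sent instead.
SAMPLE_EXPORT = """surname,email,nino,postcode
Example,a.example@org.example,AB123456C,BT1 1AA
Sample,b.sample@org.example,CE654321D,BT2 2BB
"""
SAMPLE_SUMMARY = "Rank,Count\nConstable,120\nSergeant,30\n"
```

Reviewing the audit events collected in test mode before switching to enforce is what surfaces the false positives mentioned in tip 1.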

Conclusion

With today's working environment and threat landscape, which has seen an increase in sophisticated cyberattacks, DLP has grown in popularity over the past few years. Organisations must look to be proactive in their implementation of DLP. Although it can be time consuming and tricky to roll out, its benefits far outweigh the required commitment - and as many of the world's IT and Security professionals can attest: "an ounce of prevention is worth a pound of cure".

If you want to find out more about implementing DLP, please visit our website: Cyber Security Executives | Professional Services | Cyber Security Associates (csa.limited)
