An ounce of prevention is better than a pound of cure
by Nick Lowe - Check Point - Wednesday, 22 September 2010.
The famous quote from Benjamin Franklin on prevention being better than a cure could easily be applied to the issue of corporate data losses. It’s far better to stop breaches happening, than to try and clean up the fallout afterward.

Corporate email presents one of the biggest risks of accidental data loss. In fact, given the sheer number of emails an organization sends every day, breach incidents are inevitable. Common mistakes include auto-filling the wrong email address, attaching a different file than the one intended, or sending out sensitive data that really shouldn’t be emailed.

Anyone within an organization could potentially cause a data breach, at any time and in a matter of seconds. Employees may not realize what they’ve done until after the email has been sent. Unfortunately, just one such incident can damage a businesses’ reputation and lose customers.

A CSO from a large organization recently confessed to me that most of his time is spent trying to protect users from their own mistakes. When it comes to securing a key business tool such as email, companies should think about educating employees even before deploying any technological safety net.

No malice intended

Our research found that about 90% of data loss incidents are innocent errors. Most of the time, losses result from very simple actions, such as an employee sending a file to their personal web mail account, so they can work on the document from home. Although the employee has good intentions, such practice is often against corporate policy and can run the risk of turning into a data breach.

So how can businesses efficiently prevent data incidents from happening? Involving individual employees in the corporate security process is the only viable approach to avoid data loss incidents. It is also the only way to turn a DLP solution into a truly preventative tool – as opposed to a reactive tool.

For businesses, proactively educating users about the potential security issues that can arise from seemingly innocuous actions – like sending an email – and reinforcing their overall DLP awareness, will provide the first key defense against data breaches. Let’s take a closer look at this user-focused approach to DLP and how it could work.

Advance warning

First, in order to increase the user awareness, an effective DLP solution will alert the user before they can send a suspicious email that may cause a loss incident.

Let’s take the scenario of an employee who has composed an email, addressed it and clicked on the ‘send’ button. A useful DLP solution should analyse the body of the email with its attachments compared with a set of pre-defined characteristics to identify potentially sensitive data. This could include for example, certain key words in the email body text such as ‘financial’, ‘report’, ‘specifications’, ‘confidential’ and so on.

In addition, file types such as spreadsheets or presentations with financial data, confidential records, or strategic material may need to be carefully scrutinized.

If the DLP solution detects a potential breach based on this analysis, it will override the ‘send’ instruction and present the user with a pop-up alert to inform them of the potential data loss and ask how they wish to proceed. The user will have to decide whether they: a) want to send the email and its attachments as it stands; or b) realize that they have made a mistake, correct the body text or remove the suspicious attachments. There should also be the option for the user to leave a brief explanation as to why they overrode the DLP solution’s alert.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th