Updated: Jun 7, 2024   |   Fergal Glynn

26 Data loss prevention best practices from the experts

Whether it’s to comply with consumer data privacy laws or industry regulations, ensure the security and confidentiality of your company’s intellectual property, or lower cyber insurance costs, every business has reason to be concerned with data loss prevention today.

Government and industry regulations are becoming increasingly stringent and requiring companies to adequately protect sensitive consumer data. Cyber attacks continue to plague businesses in every industry, and insider threats remain common, even in companies that provide cybersecurity awareness training.

It’s crucial for businesses to implement data loss prevention best practices to secure their sensitive data. To learn more about what your company should be doing to protect its data, we reached out to a panel of data loss prevention experts, cybersecurity professionals, and business leaders and asked them to answer this question: 

“What's your single most important best practice when it comes to data loss prevention?”

Meet Our Panel of Data Loss Prevention Experts & Cybersecurity Professionals:

Read on to learn what our panel had to say about the most important best practices for data loss prevention. 

Dmitry Kurskov

@ScienceSoft

Dmitry Kurskov is the Head of the Information Security Department at ScienceSoft, an IT security consulting and software development company.
“The key to an efficient data loss prevention strategy is…”

Complete visibility of sensitive data. 

First, a company must identify, classify and keep an inventory of sensitive data — either critical for its business operations or falling under data protection laws and regulations, such as GDPR, HIPAA, PCI DSS, etc. Second, it's important to know where and how this data is stored. Third, continuous monitoring of confidential data access, modification, transfer, and deletion is necessary to spot, investigate, and respond to any suspicious activity in a timely manner.

Rich Selvidge

Rich is the CISO, CISSP at PurpleSec.
“Identify your crown jewels…”

To effectively prevent data loss, it's important to identify your company’s most valuable or critical assets, also known as the crown jewels. These could include intellectual property such as recipes, source code, or formulas.

Engaging executive and senior leadership in directing the data loss prevention (DLP) program can help ensure that the program aligns with the organization's priorities.

This is known as a top-down approach. Additionally, input from technical leaders can help to improve the value and creativity of the DLP program.

Jonathan Srugo

Jonathan is a CISO/CIO at Nebotain with three decades of Offensive and Defensive Cyber Security experience in global and technologically diversified organizations. He has a deep understanding of Threat Actor TTPs, cost effective defensive countermeasures, and vigilant incident response experience and has operated within military, law enforcement or government classified environments holding relevant government and private sector security certifications.
“Let your business stakeholders endorse, sponsor and drive the project…” 

Remember, the data belongs to the business — not to the CISO, and not to IT. Business executives are the ones that have to support the initiative after they understand the value of their data in financial terms and any liabilities that the organization may incur if the data is lost. A preliminary first step that is crucial for the success of any data protection initiative is to find the accountable party (CMO, CFO, DPO) and empower them to drive the project. The business’s endorsement of the project needs to be supplemented by a properly documented, approved and communicated data protection policy which is endorsed and sponsored by the CEO and the board.

The data protection policy must reflect what data you hold, why you hold it, its sensitivity from a commercial, regulatory and legal perspective, and very specific requirements on how to store, transmit, communicate, process and use the data in a manner that is acceptable to the organization. If you don't go through this rather painful and long process BEFORE you embark on a DLP journey, you are bound for failure which will result in misalignment with your business executives, wasted operational resources and money going down the drain.

Omar Masri

Omar Masri is a software entrepreneur, founder and CEO of Mamori.io, which helps businesses overcome the cost and complexities of cybersecurity – preventing attacks while meeting compliance and cyber insurance requirements. He is also a director of a data migration and security services company and is co-incubating a non-emergent transport services startup.
“The MOST important best practice when it comes to data loss prevention is to…”

Automate ISO 27001 A.9

Organizations can spend millions on all the fancy and most cutting-edge data security solutions — PAM, DAM, 2FA, Zero-Trust Network Access, you name it — but if IT admins are manually onboarding and offboarding people's data access rights and not providing access on-demand, then over-provisioned data access will occur (think Edward Snowden) and privileged zombie accounts will linger, creating a huge risk of data loss from both internal and external threats. This risk is the result of overworked IT admins who don't wish to be the bottleneck to disrupt workflows, plus the lack of automation tools out there. At Mamori.io, we remove this key risk by automating the entire ISO processes and making it on-demand.

Karl Robinson

Karl is the CEO of Logicata, a leading Public Cloud Managed Service Provider specializing in AWS Managed Services.
“Vulnerable system security is the biggest threat to any organization when it comes to data loss prevention…” 

To ensure your company is protected, you should implement continuous monitoring and maintenance of system security policies and procedures. Regular patching and updating of systems should be done on all devices and applications, as well as establishing access control protocols that restrict user access to only the necessary resources. Additionally, you should consider implementing a system of data encryption and secure backups to ensure your company’s sensitive information is protected from potential attacks.

Finally, it's important to establish an internal culture that encourages employees to be aware of any potential risks and how to properly handle the data they have access to. Train your employees on proper security protocol and make sure they are aware of the consequences if they fail to follow policies. Having a strong security-conscious culture will not only protect your company from malicious activities but also reduce the likelihood of a breach in your system, thus ensuring full safety and protection for all information.

Brent Largent

Celebrating 27 years at the helm of Stratti, Brent has seen his vision and enjoyment of building things materialize in multiple facets (time and time again). He uses his expertise in electrical architecture to design, create, and build computer systems.
“One of the most important best practices for data loss prevention is…”

Having a fully protected, immutable backup of your data.

How? Create a backup inaccessible from all unwanted resources (i.e., hackers, viruses, malware, etc.). It should be fully protected from outside modifications or access. One potential threat, for example, is that while a hacker may not be able to read your data, they can potentially access and modify it, thereby rendering it useless and wreaking havoc for your business.

Bottom line: Keep your backup data isolated and inaccessible from outside sources.

The solution: Have an isolated backup device via network and cloud isolation. Here at Stratti, we require our clients to have backup redundancy because it’s another piece to ensure integrity.

No network is 100% impenetrable. But the integrity of the data can be maintained through isolation.

Joe Ferdinando

As President of HotHeadTech, Joe brings over 20 years of experience in the tech industry to the table. With a strong background in data management and cybersecurity, Joe leads the team in providing top-notch support and solutions for his clients' IT needs.
“One of the most important best practices for data loss prevention is to…”

Regularly back up all important data and store the backups in a secure location. 

By creating and maintaining frequent backups, organizations can protect themselves against data loss due to a variety of threats, such as cyber attacks, hardware failures, and natural disasters. It is important to ensure that the backups are stored in a secure location, such as an offsite data center or cloud storage service, in order to prevent unauthorized access or loss. 

Additionally, it is a good idea to test the restores from the backups on a regular basis to ensure that they are working properly and can be used in the event of an emergency.

Boris Jabes

Boris Jabes is the CEO and Co-Founder of Census, a data integration platform that operationalizes data, creating a world of better, more agile business operations. The company raised a $60M Series B on a $630M valuation.
“The single most important best practice when it comes to data loss prevention is to…” 

Ensure that your organization has effective policies and procedures in place. These should include measures such as encryption of sensitive data, access control measures, regular backups and disaster recovery plans. 

Additionally, it’s important to ensure that all staff members are aware of the importance of keeping data secure and the steps they need to take in order to comply with these rules. Regular training sessions for staff can help ensure everyone is up-to-date on security protocols. 

Lastly, having a comprehensive security audit conducted regularly is essential for ensuring any potential risks are identified and addressed accordingly. Following these practices will go a long way towards helping you protect your organization's valuable data.

Eric Florence

With a strong commitment to online security and digital freedom, Eric is working hard to deliver the content and analysis his audience is looking for. When he is not coaching or consulting at SecurityTech, his other passions include web development and finding new ways to use VR.
“The single most important best practice for DLP is…”

Implementing strict data guidelines for members of your organization. 

A surprising amount of data is lost unintentionally. If an organization has lax protocols for handling their data, an employee pays no mind to security. Their negligence leads to sensitive information being destroyed or stolen. It happens every day. Thankfully, DLP regulation is helping to solve this problem.

Melissa Terry

Melissa Terry is a Cyber Security Manager at VEM Tooling, one of the fastest-growing mold manufacturers in the world.
“The single most important best practice for data loss prevention is…”

Identifying and classifying sensitive data.

It is necessary to have a complete inventory of the many kinds of data you own before you can effectively protect it. Data discovery technology will analyze your data repositories and send you the results. This will provide you with visibility into the content that needs to be protected. 

Regular expressions are typically used for data discovery engines’ searching capabilities. These expressions offer great flexibility but may be fairly challenging to develop and fine-tune. By controlling user access to data and avoiding storing sensitive data in insecure locations, you can reduce the risk of data leaks and loss by using data discovery and classification technology. 

You should ensure that any critical or sensitive data is clearly tagged with a digital signature that specifies its classification. This will allow you to protect the data based on its value to the company. Tools provided by a third party, such as Netwrix Data Classification, have the potential to simplify and improve the accuracy of data findings and classification. 

The classification may be revised during data creation, modification, storage, or transmission. However, restrictions should be in place to stop users from manipulating classification levels if it’s not absolutely necessary. For instance, the ability to degrade data classification should only be available to people with privileged access.
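An added example (not part of the panelist's answer, and not any product's code) of the regex-based discovery and classification described above: it shows why a bare pattern needs tuning, using a Luhn checksum to reject digit runs that only look like card numbers, and it refuses a classification downgrade without privileged access. The patterns, level names, default label, and sample files are assumptions constructed for illustration.

```python
import re

# Illustrative patterns; real discovery engines ship many more, tuned per data type.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")

# Hypothetical classification levels, ordered lowest to highest.
LEVELS = ["public", "internal", "restricted"]

# Constructed sample repository contents (not real data).
SAMPLES = {
    "invoice.txt": "Card on file: 4111 1111 1111 1111, exp 12/27",
    "orders.csv": "order_id,qty\n1234567890123456,2\n",
    "hr_note.txt": "Employee SSN 123-45-6789 verified",
    "readme.txt": "Call extension 555-01-0000 for help.",
}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str, validate: bool = True) -> list:
    """Find card-number candidates; with validate=True, keep only Luhn-valid ones."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and (not validate or luhn_ok(digits)):
            hits.append(digits)
    return hits


def find_ssns(text: str) -> list:
    """Find SSN-shaped values, excluding area/group/serial values never issued."""
    return [m.group() for m in SSN_RE.finditer(text)]


def classify(text: str) -> str:
    """Tag content 'restricted' if any sensitive pattern is found, else 'internal'."""
    return "restricted" if find_cards(text) or find_ssns(text) else "internal"


def scan(files: dict) -> dict:
    """Classify every file in a {name: content} mapping."""
    return {name: classify(body) for name, body in files.items()}


def reclassify(current: str, requested: str, privileged: bool = False) -> str:
    """Allow upgrades freely; allow downgrades only with privileged access."""
    if LEVELS.index(requested) < LEVELS.index(current) and not privileged:
        raise PermissionError("downgrading a classification requires privileged access")
    return requested


if __name__ == "__main__":
    for name, label in scan(SAMPLES).items():
        print(f"{name}: {label}")
    # The untuned pattern flags an order ID that the checksum rejects.
    print(find_cards(SAMPLES["orders.csv"], validate=False))
```
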

Jacob Hinson

Jacob Hinson is the Founder of eLocker, the world's first wireless smart lock. His beyond the box thinking and entrepreneurial drive have helped eLocker solve warehouse and office difficulties and build long-term business relationships. He likes giving a distinct, hands-on viewpoint on existing, potential, and hypothetical concepts.
“Data loss prevention is an essential practice for any organization that manages and stores data…”

The most important strategy I use to ensure the protection and security of this information is prevention. This means using preventative measures such as strong authentication for logging in, up-to-date antivirus software, firewalls, anti-malware programs, secure data storage, backup protocols, and user access control.

Additionally, performing regular scans and auditing system logs can be an effective way to identify weaknesses in the system that may lead to a breakdown in security or be vulnerable to unauthorized access. Data loss can be decreased substantially through these practices while boosting overall security and providing peace of mind.

Charlie Wright

Charlie Wright is the Operation Director at Epos Now.

“The most important best practice when it comes to data loss prevention is to…”

Back up your data regularly.

Data backups allow you to restore any lost or corrupted files quickly and easily, so it’s essential that you develop a reliable method of backing up your systems on a regular basis.

When creating a backup strategy for your business, consider the following points:

  • Establish an effective and efficient way of storing multiple copies of your most valuable data in case the primary copy becomes corrupt or otherwise unusable.
  • Wherever possible, use cloud-based solutions to store large amounts of information more securely. Cloud-based storage solutions allow you to retrieve files from any location without having physical access to hard drives, USB sticks, etc.
  • Choose automatic updates wherever available and ensure they are carried out frequently. Automatic updates will help reduce the risk of malicious software infections that can put all stored information at risk.
  • Assign roles and responsibilities with regard to who’s responsible for keeping tabs on things like virus protection, firewall configurations, etc. You should also set up secure processes, such as encryption protocols, for moving sensitive information around networks.
  • Make sure you know exactly what kind of data you have and what level of protection it requires. If you hold personal customer details, make sure procedures are implemented in line with legal requirements such as GDPR compliance measures and other applicable regulations.

Overall, regularly scheduled backups should always form part of any successful disaster recovery plan. Having multiple versions stored offsite (or preferably in the cloud) dramatically increases your organization’s chances of recovering from potential losses due to hardware/software failures, malicious attacks or disasters, be they natural or man-made.

Ranee Zhang

Ranee is a VP at Notta.ai and loves to research and execute. With a computer engineering background, he focuses on the machine learning side of the business.
“The single most important best practice when it comes to data loss prevention is to…”

Use encryption.

Strong encryption can also help you stay safe from cyber attacks. If your data is encrypted, it cannot be read by anyone outside of the company who has access to it. Hackers will not be able to look through your information in order to find personal information or sensitive data.

Aleksei Kankov

Aleksei Kankov is a Senior Backend Developer at Fingerprint.
“The single most important best practice for data loss prevention is to…” 

Regularly back up all important data to a secure, external location. This way, if the primary data is lost or corrupted, it can be easily restored from the backup. Additionally, it is important to test your backups regularly to ensure they can be properly restored in the event of an emergency.

Michael Miller

Michael Miller is the CEO of VPNOnline.com, one of the fastest-growing media companies in the cybersecurity space.
“The single most important best practice when it comes to data loss prevention is…”

Keeping your data safe.

When you're dealing with sensitive information, you want to make sure that it's being handled with care and that it's being stored in a secure location. If you don't take the time to ensure these things, then there's no way that you can guarantee that your data will be protected if something goes wrong.

The best thing you can do is educate yourself on how to protect your data and then put those strategies into action. You can do this by reading up on DLP best practices or even talking with a professional who specializes in this type of work. By educating yourself, you'll be able to develop strategies that will help keep your data safe from hackers and other malicious actors who may try to access it.

Isla Sibanda

@IslaSibanda

Isla is an entrepreneur and a Cybersecurity Specialist with a background in ethical hacking at PrivacyAustralia.net.
“The single most important best practice when it comes to data loss prevention is to…”

Make sure that users are only given access to the data and information they require to perform their role. In case the user needs more access, they must submit a request that is provided to the relevant person who can grant them access. This extra access should be on a time-limited basis.

Alaa Negeda

Alaa is a Senior Solution Architect at ALXTEL with 23 years of experience in different technology sectors. Alaa is diligent, forward-thinking, and adaptable to dynamic company, customer, and project needs.
“When it comes to data loss prevention, one of the most important best practices is to…”

Regularly back up your data. Not only will this help you avoid data loss in the event of a disaster, but it can also help you restore lost data if something goes wrong.

Yoav Morder

Yoav Morder is the Search & PR director at Sonary, a sister company of Ryze.

“For data loss prevention, training is a must…” 

With training, companies can protect themselves against potential threats. Employees must be trained on best practices such as:

  • Do not disclose personal information.
  • Pay close attention to the storage and disclosure of sensitive data.
  • Do not save personal information on unsecured or public computers and devices, and be careful when passing this data on in phone calls, messages, or emails to third parties. Always confirm that you are speaking to official contacts. When in doubt, do not disclose information.

“The single most important best practice for data loss prevention is to…” 

Make sure all of your critical data is backed up and stored in multiple secure locations. By keeping regular backups of your data, you can quickly recover from any unexpected system failure or malicious attack that may cause data loss. Additionally, you should also ensure that your computer systems and network infrastructure are protected with reliable antivirus/malware software and secure passwords.

Harrison Acha

Harrison Acha is the CEO at Primegate Digital. He has been in the IT industry for over a decade, helping both tech and non-tech professionals become more productive and less frustrated with technology.
“When it comes to data loss prevention, my single most important best practice is to…” 

Always have a backup plan in place. Whether you're backing up your personal files or your business's critical data, it's essential to have multiple copies in different locations. That way, if one copy is lost or corrupted, you'll always have another to fall back on.

There are many different ways to back up your data, so you'll need to find the best solution for your needs. For personal files, you might opt for an external hard drive or cloud storage service. For business data, you might choose an on-premises storage solution or a cloud-based backup system. Whatever option you choose, be sure to set up regular backups so that your data is always safe and sound.

Neil Paul

Neil is the Head of Marketing at Airbrush, an AI powered image generation tool.
“My best practice for data loss prevention is to…”

Make sure that your organization has a plan in place for how to react to a data breach. 

The plan should include how to notify your clients, how to contact law enforcement, how to notify your employees, and how to notify the public.

Shri Ganeshram

Shri Ganeshram is the CEO and Founder of Awning.com.
“The single most important best practice when it comes to data loss prevention is to…”

Regularly back up your data. 

This ensures that you have a copy of your data that you can restore in case of data loss. Regular backups can help prevent data loss due to hardware failures, software glitches, natural disasters, and other unexpected events.

Mia Garcia

Mia Garcia is the founder and CEO of iToolab with over a decade of experience in computer software. Mia is a tech veteran and has expertise in software development, website development, and digital marketing.
“The most important best practice when it comes to data loss prevention is to…”

Encrypt data before sending it over any network. This will prevent anyone who intercepts your network packets from accessing your data in plain text. 

It's also important to implement a solution that will allow you to revoke access if an employee leaves the company, as well as one that can handle all types of formats. You'll need both options to allow you to move forward with an effective data loss prevention solution.

Alex Contes

@reviewgrower

Alex Contes is the Co-Founder & SaaS Expert of ReviewGrower.
“The most important best practice when it comes to data loss prevention is to…”

Plan patches.

Making a strategy for dealing with patches is, in my opinion, the gold standard for preventing accidental data loss. Maintaining up-to-date security patches on a regular basis is essential.

Dayna Carlin

Dayna Carlin is the Director of Marketing & Sales at NovoPath.
“The most important best practice when it comes to data loss prevention is to…”

Choose the DLP support team and stakeholders. 

It is not unexpected to see that many organizations have DLP in the environment but hardly use the features or have support teams to manage problems. That’s why it’s important to identify the DLP stakeholders and support team. 

Establish a DLP committee within the organization with representation from senior leaders, business unit managers, legal, and infosec management. Consider collaborating with a managed service provider that specializes in DLP if your internal resources are insufficient to support DLP operations.

Ada Scott

Ada Scott is the Co-founder and Marketing Manager of EaseUS Software.

“The most important best practice when it comes to data loss prevention is to…”

Implement strong password policies.

The single best practice for data loss prevention is to make sure that your devices are well configured with strong password policies so that even if a hacker gets access to one device, they don't have the ability to access all of your data.

 
Today’s companies must have effective data loss prevention measures in place to reduce risk and prevent data loss. That’s why it’s important to invest in a DLP solution that addresses the many challenges of data loss prevention in the modern landscape, such as Reveal from Next DLP, which offers a comprehensive, cloud-based data loss prevention solution at a cost-effective price point.

Reveal runs a lightweight agent that’s easy to deploy and use. It provides on-the-fly data classification (eliminating the need for additional classification tools), offers pre-built and customizable rules, and performs incident-based training, advanced content inspection, and automated enforcement with efficient CPU usage. Book a demo or contact Next DLP to learn how your company can take advantage of this comprehensive and innovative DLP solution.