Data Loss Prevention (DLP)
In my continuing series of blog posts relating to “The Shift in the Modern Day Workplace,” I’m going to tackle the topic of Data Loss Prevention (DLP) in an easy, digestible way and explain how it relates to ALL organizations.
In the past, DLP was a term primarily associated with organizations that are highly regulated such as healthcare, banking, and insurance. DLP was often identified as a risk or gap during audits and assessments that are common amongst those industries. For other organizations, although it was likely a line item on an IT project plan, DLP was typically not a primary focus and would often be shelved in favor of other projects and initiatives that were more easily quantifiable.
With the dramatic “shift” to Remote Workforce Enablement due to the COVID-19 pandemic, DLP has become a priority for ALL organizations.
Let’s break down the meaning of Data Loss Prevention (DLP).
Data is the digital information* that is created, collected, transmitted or stored by an organization. It could contain:
- Restricted, Private or Public information.
- Personally Identifiable Information (PII) or Electronic Protected Health
- Information (ePHI)
- Company Intellectual Property (IP)
- Other sensitive company information
Loss occurs when any Data deemed valuable and/or sensitive to an organization has been accessed, misused, transmitted, deleted etc. by unauthorized users. It could also include authorized users who are working outside of normal operating protocols. For example, a disgruntled employee has attempted to delete, modify or copy large amounts of company data.
Other types of Data Loss might result from Facility Loss, Power Loss, Data Corruption and more. I will discuss those topics in more detail in an upcoming blog post around Business Continuity & Disaster Recovery.
The P of DLP is simply to Identify, Alert and ultimately Prevent an action that might lead to Data Loss.
In the most simplistic terms, Data Loss Prevention (DLP) simply means To Prevent Data from being Lost!!!
In the past — pre-cloud and pre-Software as a Service (SaaS) — most organizations worried primarily about what was within their four walls. The focus was on securing workstations and servers and the data that resided on them, while limiting outside exposure.
Oh! The simpler times! Well, not anymore.
With the escalated “SHIFT” to Remote Workforce Enablement, in order to survive, organizations are having to re-evaluate their old ways of thinking.
Although, they still use the same basic concepts, organizations must consider much more than what is within their four walls. Employees, contractors, partners, customers and others now need to access organizational data from potentially anywhere, anytime and from multiple types of devices. Plus, that data could be located both on-premise and/or in the cloud. Additionally, the threat of cyber criminals trying to access your data has become far more prevalent and potentially damaging and workplace security is the only
So, what does this all mean.
Based on the “SHIFT” to Remote Workforce Enablement and the fact that the underlying technology is changing, Data Loss Prevention (DLP) has become a top priority for ALL organizations and recognizing the value of data is the first step to protecting your data.
Once organizations have answered the basics and understand the concepts around “The Who, The What, and How,” the next step is to investigate Data Loss Prevention (DLP) Tools and Technology to “Identify, Alert and ultimately Prevent actions that might lead to data loss”.
One such set of tools that has risen to the forefront is available to M365 customers.** Those features*** include:
- Identify sensitive information across many locations such as Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams
- Prevent accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint and Word.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization’s DLP policies.
By taking advantage of these M365 features, you will be on your way to a solid DLP strategy. If you are not taking advantage of these M365 features and need help with implementation, or if you would like to discuss a robust DLP plan, Revolution Group consultants are always available to help. Questions or comments? Don’t hesitate to reach out to our team at 614-212-1111 or [email protected].
*Although, for the purposes of this blog I have focused on digital data, organizations that are still utilizing paper/hard copy also need to establish similar processes and procedures for their analog data.
**Availability depends upon M365 licensing level
***Some content from Microsoft “Overview of data loss prevention,” https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide