Best Practices for Data Loss Prevention
Even though most organizations tend to store a substantial percentage of their confidential data in a heavily locked-down system, such as an electronic medical records (EMR) system, an enterprise resource planning (ERP) system, a human resources information system (HRIS), or a primary productivity system such as Microsoft 365 or Google Workspace, it’s important to proactively protect information and data.
As a result, we recommend the following best practices for proactive data loss prevention:
- Run Data Loss Prevention (DLP) scans at least once a quarter.
- Have a strong Information Governance policy in place, identifying who is allowed to export what types of data, for what reasons, and under what circumstances.
- Have strong protections in place around how these types of exported files may be stored, shared, and used — for instance, can these files be stored on the hard drive of a laptop? Downloaded to a home computer? Stored on an iPad?
- Make sure your IT support staff know what to do when a device containing confidential data is reported lost or stolen.
In addition, it is critical that organizations have clearly identified roles, responsibilities, processes, and procedures in place around the data loss prevention scans themselves. Information governance that defines accountability, expectations, roles, and responsibilities is the glue that holds a program together and helps translate good intentions into action.