Data Loss Prevention Best Practices
Within many organizations, most confidential data is stored in an Enterprise Resource Planning (ERP) system such as Salesforce, Workday, or SAP. Since these systems have solid technical and security controls built in, executives often have a false sense of security, and they trust that their digital assets, confidential data, and intellectual property are all properly protected.
As a result, when we're working with clients, we recommend the following best practices for proactively preventing data loss:
- Run Data Loss Prevention (DLP) scans at least once a quarter.
- Have a strong Information Governance policy in place, identifying who is allowed to export what types of data, for what reasons, and under what circumstances.
- Have strong protections in place around how these types of exported files may be stored, shared, and used -- for instance, can these files be stored on the hard drive of a laptop? Downloaded to a home computer? Stored on an iPad?
- Make sure your IT support staff know what to do when a device containing confidential data is reported lost or stolen.
In addition, it is critical that organizations have clearly identified roles, responsibilities, processes, and procedures in place around the Data Loss Prevention scans themselves. Information governance that defines accountability, expectations, roles, and responsibilities is the glue that holds a program together and helps translate good intentions into action.