Endpoint DLP Plus Best Practices
Data loss prevention solutions are steadfast in mitigating data loss, but if the implementation isn't thorough, it can leave security blind spots that opportunistic attackers will eventually find and exploit. To harness the full potential of Endpoint DLP Plus, here are some best practices for enforcing air-tight data security.
The list follows the three main stages of an endpoint data protection implementation:
- Data discovery and classification
- Securing data transfer avenues
- Audit data analysis and policy evaluation
Data discovery and classification
- Identify exactly which data to prioritize in terms of security. For ordinary information, protection can be lenient because even if it's disclosed, it does negligible harm to the organization. For sensitive information, protection has to be stringent.
- Create custom groups of managed computers according to functions or departments to focus your search. High-profile project teams, or the computers belonging to the respective leads of each department, are more likely to harbor sensitive content.
- Once the locations of all data are found, to increase efficiency, utilize pre-defined templates to find common forms of sensitive data such as PII or financial data. To more easily find the templates you're looking for, you can filter by country, as each nation has a specified format for sensitive documents.
- For sensitive document formats that differ from the pre-defined templates, you can create a custom template using the fingerprinting technique. If the format of a document on any of your endpoints matches that of the custom template, it'll be considered sensitive. Make sure to specify how many times a sensitive item has to appear in the content for the entire file to be classified as sensitive. This helps discern informal documents from official ones.
- If you're customizing templates to find specific files, such as documents containing identifying information (names, addresses, etc.), keyword search can be used; for documents that contain strings with a pre-defined number of characters (credit card or phone numbers), RegEx can be used.
- Further streamline sensitive data classification with data containerization: the process of distinguishing software apps as enterprise or non-enterprise so that important info in trusted apps can be prevented from being transferred to non-work spaces or unsanctioned apps.
- If your organization mandates that corporate files are only communicated between enterprise-friendly applications, you can enable "Automatically classify files as sensitives when downloaded from corporate boundary". This ensures that a file originating from a trusted app is labelled immediately, so that all important data is accounted for.
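The custom-template approach above (RegEx for fixed-length strings, keyword search for identifying terms, and an occurrence threshold before a whole file counts as sensitive) can be illustrated with a small classifier. This is an added example, not Endpoint DLP Plus code; the patterns, keywords, threshold and the two sample documents are all constructed assumptions, and the Luhn check is added to cut false positives on card-like numbers.

```python
import re

# Constructed detection patterns (assumptions, not the product's own templates):
# a 16-digit card number in 4-digit groups, and a 10-digit hyphenated phone number.
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "phone": re.compile(r"\b\d{3}[ -]?\d{3}-\d{4}\b"),
}
# Keywords typical of identification documents (constructed list).
KEYWORDS = {"passport", "social security", "date of birth"}

def luhn_ok(number: str) -> bool:
    """Reject card-like digit strings that fail the Luhn check (reduces false positives)."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def count_sensitive_items(text: str) -> dict:
    """Count RegEx and keyword hits per category in a document's text."""
    counts = {}
    for name, pat in PATTERNS.items():
        hits = pat.findall(text)
        if name == "credit_card":
            hits = [h for h in hits if luhn_ok(h)]
        counts[name] = len(hits)
    lower = text.lower()
    counts["keyword"] = sum(lower.count(k) for k in KEYWORDS)
    return counts

def classify(text: str, threshold: int = 3) -> bool:
    """The whole file is sensitive once the total number of matched items meets the threshold."""
    return sum(count_sensitive_items(text).values()) >= threshold

# Constructed sample documents: an informal note and an official customer export.
INFORMAL_NOTE = ("Reminder: call Priya at 555-201-3344 about Thursday's lunch. "
                 "Test card 1234 5678 9012 3456 is just a placeholder.")
CUSTOMER_EXPORT = ("Customer account export (official)\n"
                   "Name: A. Example, Date of Birth: 1990-04-12, Passport: X1234567\n"
                   "Card on file: 4111 1111 1111 1111\n"
                   "Backup card: 4012 8888 8888 1881\n"
                   "Contact: 555-867-5309\n")

if __name__ == "__main__":
    for label, doc in (("note", INFORMAL_NOTE), ("export", CUSTOMER_EXPORT)):
        print(label, count_sensitive_items(doc), "sensitive" if classify(doc) else "ordinary")
```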
Secure and monitor data transfer avenues
- Block all questionable peripheral devices. This includes USB and other auxiliary data transfer tools. Ensure that only a select few printers used by highly authorized employees can download and print sensitive files.
- Limit the usage of cloud applications to a select few trusted users only. Ensure that only the well-known browsers tracked by your IT department can access sensitive data. Computers that don't belong to highly authorized personnel should be blocked from transferring sensitive content via browsers.
- Block the usage of third-party cloud applications such as drives and websites for archiving business-critical data, as these services can have unresolved flaws that could lead to data disclosure or espionage.
- At the start of implementation, decide which email domains are to be trusted to upload or send sensitive content. It is recommended that official domains belonging to the organization are whitelisted so that personal email IDs will be blocked. To facilitate collaboration outside the company, verified Outlook email addresses can also be included as trusted.
Audit data analysis and policy evaluations
- Schedule audit data to be sent to your email as a review reminder. Leverage the extensive audit data to evaluate user behavior and to shortlist the trusted users who regularly communicate outside the boundary. To maintain productivity, they can be given the option of overriding certain policies after providing a justification for audit purposes.
- Ensure that ordinary users who occasionally need to communicate outside the organization have to request direct permission along with providing a reason. When reviewing the requests, if there is a false positive, the policy can be modified right away.
- Intermittently analyze notifications and alerts about attempts to bypass applied policies. Even though the actions will be blocked, this provides insight into any suspicious activity in progress so that it can be addressed instantly.
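The review workflow above (shortlisting trusted users who repeatedly override a policy with a justification, and spotting repeated blocked attempts that may indicate policy bypass) can be scripted over exported audit data. This is an added example, not part of the product; the record shape, the thresholds and the audit events themselves are constructed assumptions.

```python
from collections import defaultdict

# Constructed audit records (assumed shape, not the product's export format):
# (user, action, channel, destination, justification)
AUDIT_EVENTS = [
    ("alice", "overridden", "email", "partner.example", "contract review with vendor"),
    ("alice", "overridden", "email", "partner.example", "contract review with vendor"),
    ("alice", "overridden", "email", "partner.example", "updated contract draft"),
    ("bob",   "blocked",    "usb",   "removable:E:",           ""),
    ("bob",   "blocked",    "cloud", "personal-drive.example", ""),
    ("bob",   "blocked",    "email", "gmail.example",          ""),
    ("carol", "allowed",    "email", "corp.example",           ""),
    ("dave",  "blocked",    "usb",   "removable:F:",           ""),
]

def summarize(events):
    """Per-user counts of blocked and overridden transfers, with the channels
    and destinations involved. Plain allowed transfers are not tracked."""
    users = defaultdict(lambda: {"blocked": 0, "overridden": 0,
                                 "channels": set(), "dests": set()})
    for user, action, channel, dest, _ in events:
        if action not in ("blocked", "overridden"):
            continue
        rec = users[user]
        rec[action] += 1
        rec["channels"].add(channel)
        rec["dests"].add(dest)
    return dict(users)

def triage(events, bypass_threshold=3, override_threshold=3):
    """Shortlist users for the periodic review:
    - suspicious: repeated blocked attempts (the channels tried are listed, since
      several different channels strengthen the bypass-attempt signal)
    - tune_policy: trusted users whose repeated justified overrides all go to one
      destination, i.e. a likely false positive (e.g. a partner domain to whitelist)
    """
    suspicious, tune_policy = [], []
    for user, rec in sorted(summarize(events).items()):
        if rec["blocked"] >= bypass_threshold:
            suspicious.append((user, sorted(rec["channels"])))
        if rec["overridden"] >= override_threshold and len(rec["dests"]) == 1:
            tune_policy.append((user, next(iter(rec["dests"]))))
    return {"suspicious": suspicious, "tune_policy": tune_policy}

if __name__ == "__main__":
    print(triage(AUDIT_EVENTS))
```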
The above guidelines for Endpoint DLP Plus will help admins secure all avenues of data transmission and implement meticulous, proactive data security.
Download a 30-day free trial with unlimited features and try it out for yourself!