If the DLP solution detects a potential breach based on this analysis, it will override the 'send' instruction and present the user with a pop-up alert to inform them of the potential data loss and ask how they wish to proceed. The user will have to decide whether they: a) want to send the email and its attachments as it stands; or b) realize that they have made a mistake, correct the body text or remove the suspicious attachments. There should also be the option for the user to leave a brief explanation as to why they overrode the DLP solution's alert.
But what happens if, after seeing the pop-up alert, the employee decides to send the email anyway, resulting in data loss? The DLP solution keeps records of all of the user's actions, of the fact that they were alerted, as well as the justifications they provided, giving an audit trail for subsequent analysis. This establishes a clear chain of events when reviewing a data-loss incident, which is useful for internal review and external compliance purposes.
The aim is to create a decision point for the user, encouraging them to review what they plan to send, increasing their responsibility, and helping to correct any digressions from the company's security policy before an incident happens.
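The decision point and audit trail described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the regex detectors, the `ask_user` callback, the record fields and the sample message are all assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Assumption: two simple regex detectors stand in for the product's content analysis.
DETECTORS = {
    "payment_card": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
    "confidential_marker": re.compile(r"\bconfidential\b", re.I),
}

def scan(message):
    """Return sorted names of detectors matching the body or any attachment text."""
    texts = [message["body"], *message.get("attachments", {}).values()]
    return sorted(n for n, rx in DETECTORS.items() if any(rx.search(t) for t in texts))

def handle_send(message, user, ask_user, audit_log):
    """Intercept 'send'. ask_user(findings) stands in for the pop-up and returns
    (decision, justification), where decision is 'send_anyway' or 'cancel'.
    Returns True if the message is released."""
    findings = scan(message)
    if not findings:
        return True  # nothing detected, so no alert is shown
    decision, justification = ask_user(findings)
    if decision not in ("send_anyway", "cancel"):
        decision = "cancel"  # fail closed on an unexpected response
    # Record that the user was alerted, what they chose, and why.
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "subject": message["subject"],
        "alerted": True,
        "findings": findings,
        "decision": decision,
        "justification": justification.strip(),  # optional, may be empty
    })
    return decision == "send_anyway"

if __name__ == "__main__":
    # Constructed sample message; the card number is a well-known test value.
    msg = {
        "subject": "Q3 figures",
        "body": "See attached.",
        "attachments": {"notes.txt": "CONFIDENTIAL. Card 4111 1111 1111 1111"},
    }
    log = []
    released = handle_send(
        msg, "alice", lambda f: ("send_anyway", "Customer requested a copy"), log)
    print("released:", released)
    print(json.dumps(log, indent=2))
```

Each record ties the alert, the user's choice and the justification to one send attempt, which is the chain of events a reviewer needs after an incident.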
Preventing loss, reaping the gains
To summarise, the benefits of this approach to DLP fall into two main areas. It allows companies to significantly reduce the number of data loss incidents upon deployment. As employees experience the DLP solution in action, they will learn more about data loss, how it typically occurs and how to avoid it. This encourages adherence to company security policies. Over time, pop-up alerts to users will most likely decrease as users become increasingly aware of the types of activity that trigger an alert.
Also, engaging the users in the DLP process directly benefits the organization by reducing the burden of day-to-day security management on IT staff. The majority of decisions about whether content can be sent or not are taken by users directly, in sharp contrast to previous-generation DLP solutions that require IT staff to check every email flagged as a potential risk. Empowering the user enables IT teams to focus on more strategic tasks, instead of getting bogged down in email approvals.
When it comes to preventing data loss in the corporate environment, technology alone is not the answer, but it can be used as a safety net. This, combined with educating users to become more aware of the impact of their actions, is the best method for minimizing the overall security risks. Benjamin Franklin was right: an ounce of prevention truly is better than a pound of cure.