As of June 2020, more than 3.2 million consumer records were exposed in the 10 biggest data breaches this year. Eight of the ten largest breaches occurred at healthcare or medical organizations, meaning patient information in addition to PII was likely acquired by hackers.
Data loss prevention (DLP) is an ever-changing practice, with new security policies and information security standards evolving to keep up with the threat of online hackers. Nightfall works with many customers, including healthcare organizations, to improve DLP security and implement HIPAA-compliant measures to protect patient data. Here’s a checklist of best practices our experts use when approaching DLP in 2020.
Start with Data Governance
Data governance is akin to doing an audit of your existing data – what you have, where it is stored, and what protocols are already in place. This step in your checklist should help answer the following questions:
- What sensitive data do you hold?
- What is your business’s most important data?
- Where are you storing your sensitive data, internally and with any third parties?
- Where are you transferring data regularly?
Typically, a business will have a few different kinds of data. Customer data includes information gathered from marketing initiatives or through product engagement. Transaction data covers your bank payments, sales records, and receipts from your suppliers and other partners. Your business data will include intellectual property – patents, trademarks, and your business plan. Lastly, most businesses store PII – personally identifiable information, such as birth dates, credit card numbers, and employee biometric data.
Do a deep dive to understand where these types of data are being stored. Are you working with third-party platforms (think: Slack and Google Drive) that may have access to your data? Are you storing data on the cloud, on external hard drives, or backed up to a third-party server? How is data transferred in and out of your business? Once you have a clear picture of how data lives in your organization, move down the checklist to data loss prevention.
DLP Security
Approach DLP security by categorizing data into three groups: data in motion, data in use, and data at rest.
DLP for Data in Motion
Data in motion is any data that is sent to and from computer systems, such as from the desktop to the cloud, or between smartphones. Here are some best practices to improve your information security standards related to data in motion:
- Perimeter security: use DLP technology, firewalls, and proxy servers to prevent unencrypted, sensitive data from leaving the perimeter of your business network.
- Network monitoring: add a DLP solution that monitors and alerts your IT team when inappropriate or sensitive data transfers take place.
- Control internet access: use proxy servers and content filters to prevent members of your organization from accessing unauthorized sites or uploading data where they shouldn’t (e.g., social media or personal email).
- Secure data exchange with third parties: securing email, FTP, and APIs can prevent data loss when sharing data with partners and other third-party vendors.
- Instant messaging: consider limiting what data can be shared through IM by adding firewalls, proxy servers, and workstation restrictions where possible. If your office is working remotely, this may be a hindrance to productivity.
Once you secure the channels through which data travels, turn to your active channels to make sure that data in use is not accidentally leaked.
DLP for Data in Use
Data in use is defined as data “that is not just being stored passively on a hard drive or external storage media.” It could be sales data that you’ve collected throughout the week and haven’t yet analyzed or customer data that you’re working on for a marketing campaign. Take these steps to secure your data in use.
- User monitoring: control who is able to access, use, manipulate, and upload data, as well as override DLP controls or perform mass data extracts.
- Data sanitation: anonymize and scrub sensitive data that’s not necessary for the intended use (e.g., separate PII from customer records when working on a generic marketing campaign).
- Data redaction: remove sensitive data from reports and extracts when it’s not needed for the intended use.
- Export/save control: restrict the ability to copy, paste, and print sections of documents into web pages or email messages.
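The data sanitation and data redaction items above can be combined in one export step. The following is an added example, not code from the article or from Nightfall; the field names, the sample record, and the demo key are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumed field classification for this example; adapt to your own data inventory.
PII_FIELDS = {"name", "email", "birth_date", "card_number"}
# Constructed demo key; a real key belongs in a secrets manager, not in code.
PSEUDONYM_KEY = b"constructed-demo-key"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digit runs

# Constructed sample record.
SAMPLE = {
    "customer_id": "C-10482",
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "birth_date": "1984-02-11",
    "card_number": "4111 1111 1111 1111",
    "segment": "newsletter",
    "notes": "Asked to mail jane.doe@example.com; card 4111 1111 1111 1111 declined.",
}

def pseudonym(customer_id: str) -> str:
    """Keyed hash: rows stay joinable, the real identifier is not exposed."""
    mac = hmac.new(PSEUDONYM_KEY, customer_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def redact_text(text: str) -> str:
    """Redaction: mask sensitive values embedded in free text."""
    text = EMAIL_RE.sub("[REDACTED-EMAIL]", text)
    return CARD_RE.sub("[REDACTED-CARD]", text)

def sanitize(record: dict, free_text=("notes",)) -> dict:
    """Sanitation: drop PII fields, pseudonymize the key, redact free text."""
    out = {}
    for field, value in record.items():
        if field in PII_FIELDS:
            continue
        if field == "customer_id":
            out["customer_ref"] = pseudonym(value)
        elif field in free_text:
            out[field] = redact_text(value)
        else:
            out[field] = value
    return out

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Free-text fields are the part that is easy to miss: dropping the PII columns alone would still have shipped the email address and card number inside `notes`.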
Education is also necessary to prevent those in your organization from committing errors that can open your system up to bad actors. Create security protocols around the handling of sensitive data to improve DLP.
DLP for Data at Rest
Finally, focus on these solutions to secure your data at rest – data stored in a device or cloud that is not used or transferred regularly.
- Endpoint security: use security software and firewalls to prevent malware, viruses, spyware, etc.
- Host encryption: encrypt your devices’ hard disks – including servers, workstations, laptops and mobile devices.
- Mobile device protection: dive into your teams’ work phones and configure built-in security features, such as remote wipe capabilities and password protection.
- Network/intranet storage: adopt security protocols using control software and permission controls in operating systems, databases and file storage systems to govern access to data repositories.
- Physical media control: add controls to make sure that data extraction only takes place on encrypted devices and channels.
DLP for the Cloud
As cloud adoption accelerates, cloud DLP is becoming an essential aspect of data loss prevention in the modern era. The large amounts of data moving into and throughout SaaS and cloud infrastructure make these systems critical targets when it comes to data security. In order to protect cloud data, cloud DLP provides:
- Cloud data visibility: Cloud data loss prevention can provide a detailed view of what types of data are stored in SaaS and IaaS systems, allowing you to quantify your data exposure risk and take action after reviewing informative alerts.
- Automated and accurate alerting and redaction: Cloud DLP that is built to be cloud-native supports API connectivity and thus can integrate with a variety of cloud platforms and systems. This allows Cloud DLP to provide an unfiltered look at what's happening in the cloud, as well as the ability to take actions on your behalf if necessary. This can include redaction or quarantining of files and content containing sensitive information, for example.
How Nightfall Improves DLP Security
Historically, DLP platforms focus on securing data kept on laptops, phones, servers, or networks. This limits how you protect data in motion and data at rest. These traditional platforms fail to provide visibility into cloud applications and cloud data infrastructure – tools many businesses are using more frequently as we move toward remote work.
Legacy DLP solutions are also limited in what they can recognize. These solutions rely on detection methods such as regex rules and digital signatures/fingerprints. These have severe limitations in accuracy, usually resulting in a high volume of false positives, and significant alert fatigue for end-users. Your IT team spends time chasing ghosts, resulting in negative ROI and limiting the value of the DLP solution.
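To make the false-positive problem concrete, the added example below (not from the article, and not Nightfall's detection method) runs a regex-only card-number rule over constructed sample lines, then applies a Luhn checksum and a nearby-keyword check to the same candidates. The pattern, the keyword list, and the confidence labels are assumptions chosen for illustration.

```python
import re

# Regex-only rule: 13-19 digits with optional space or dash separators.
CANDIDATE_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CONTEXT_WORDS = ("card", "visa", "payment")  # assumed keyword list

# Constructed sample lines; the card numbers are published test numbers.
SAMPLE_LINES = [
    "Customer paid with card 4111 1111 1111 1111 yesterday",
    "Tracking number 1234567890123456 shipped",
    "Build 2020-06-15-1200-3344 finished",
    "Ref 4012888888881881 attached",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def regex_only(line: str) -> list:
    """What a pattern-only rule alerts on."""
    return [m.group() for m in CANDIDATE_RE.finditer(line)]


def validated(line: str, window: int = 40) -> list:
    """Keep only checksum-valid candidates and grade them by nearby keywords."""
    hits = []
    for m in CANDIDATE_RE.finditer(line):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        nearby = line[max(0, m.start() - window):m.end() + window].lower()
        level = "high" if any(w in nearby for w in CONTEXT_WORDS) else "medium"
        hits.append((digits, level))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(f"{len(regex_only(line))} regex hit(s), validated={validated(line)} :: {line}")
```

The pattern alone raises four alerts on these lines; the checksum discards the tracking number and the build identifier, and the keyword check separates the remaining two by confidence.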
Nightfall is the industry’s first cloud-native DLP platform focused on detecting and protecting data in the cloud by integrating directly with these services via their APIs. We leverage machine learning to scan data and its surrounding context. This allows Nightfall to scan both structured and unstructured data with high levels of accuracy. Many of our clients choose Nightfall as the first, automated response to data leakage events, yielding measurable time savings for their IT teams. Take back your time and turn a negative ROI with traditional DLP into positive ROI with Nightfall.
If this checklist feels overwhelming, that’s because data is vulnerable at many points. Luckily, a DLP security solution like Nightfall can help.