Hacking DLP: how we can manage data loss when everyone is WFH
- Published: Wednesday, 20 October 2021 08:36
Working from home has brought many benefits to organizations but has also presented significant challenges for IT teams. Tim Bandos explores how WFH has impacted data loss prevention and how organizations can improve in this area.
Businesses have realized significant benefits from the remote working revolution. Working from home helped corporate teams thrive amidst a global pandemic, and has enabled access to global talent across geographies and made roles more inclusive. For IT teams, however, WFH has been a nightmare.
WFH means distributed employees, which creates huge security challenges due to extended network perimeters and compromised visibility. Security teams have lost oversight of how users interact with data and store files - not to mention how they share information and documents.
The chaotic and seemingly uncontrollable flow of data in this new remote working world has prompted a dangerous misperception: that data loss prevention (DLP) is ineffective when managing WFH employees. This view is more than just false - it’s outright fatal. The sensitive data that companies generate and process is truly precious - regardless of how it’s handled - and losing it spells almost certain catastrophe for an organization.
Do you want to keep your business compliant with data protection requirements, protect your intellectual property, and defend against cybercriminals? Then you must minimise data loss, and the best way to do that is to put DLP solutions in place.
The impact of WFH
The move to remote working has made all forms of data loss more prevalent. Some leaks, understandably, are accidental, such as sending a file to a personal email account. Others are more intentional. Such deliberate leaks can involve either team members retaining classified information for their own benefit or attacks by cybercriminals breaking in from outside. WFH also exposes organizations to more risks through increased network scope, the introduction of new devices and an overall lack of visibility.
This isn’t just theory - data bears it out. According to Digital Guardian’s latest Data Trends report, data egress via all means (email, cloud, USB and more) spiked by 80 percent in the first month following the WHO’s COVID-19 pandemic declaration, and more than 50 percent of observed data egress was classified data. With the weakening of security infrastructure, malicious activity also increased, and Digital Guardian customers reported a 62 percent increase in malicious activity following the pandemic declaration. The lesson is clear: it’s now more important than ever to defend against data loss.
All data is valuable, but some data is more valuable. The first step in effective DLP is determining which data is important to safeguard and labelling it as such. Organizations should label sensitive information such as intellectual property, financial information, healthcare information, and information subject to compliance regulations. Then, they should ensure they have robust policies in place to prevent unauthorised access to this data. These protections should bar access for employees who don’t need to interact with the data, for example by using the security features of cloud-service providers.
You can achieve further data protection by strengthening the security around your organization’s network. A company with a remote workforce should be using a Virtual Private Network (VPN) so team members using insecure or public networks aren’t exposing the network to attack. To properly secure the network, use multi-factor authentication with a VPN, but remember: hackers can still successfully attack VPNs.
Use virtual desktop infrastructure (VDI) as another way to limit the risk introduced by remote workers using their personal devices on a corporate network. VDI and Desktop-as-a-Service (DaaS) providers, like Amazon Workspaces, let organizations implement strong controls and restrict users from moving or copying data to local devices, which additionally helps manage internal threats.
But even the best defences falter, and that’s why continuous monitoring is a crucial part of DLP. Tools that monitor network and endpoint activity help spot external cyber attackers who have entered a network and can stop them before they do real damage. Continuous monitoring tools can also provide evidence of employees who are siphoning off sensitive information, potentially to give to competitors.
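The labelling and monitoring steps described above can be sketched as a small policy check. This is an added example, not code from the article or from any DLP product; the patterns, the `corp.example` domain, the `EgressEvent` fields and the allow/alert/block policy are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed rules and domain; a real programme uses its own taxonomy.
CARD_RX = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
KEYWORD_RULES = {
    "healthcare": re.compile(r"\b(?:diagnosis|patient id)\b", re.I),
    "intellectual_property": re.compile(r"\btrade secret\b", re.I),
}
CORPORATE_DOMAINS = {"corp.example"}  # assumption: the company's mail domain

@dataclass
class EgressEvent:
    user: str
    channel: str       # "email", "cloud" or "usb"
    destination: str
    content: str

def luhn_valid(number):
    """Luhn checksum, so arbitrary digit runs are not labelled as card data."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def label(content):
    """Return the sensitivity labels that apply to a piece of content."""
    labels = {name for name, rx in KEYWORD_RULES.items() if rx.search(content)}
    if any(luhn_valid(m.group()) for m in CARD_RX.finditer(content)):
        labels.add("financial")
    return labels

def decide(event):
    """Map an egress event to (action, labels): allow, alert or block."""
    labels = label(event.content)
    if not labels:
        return "allow", labels
    if event.channel == "usb":
        return "block", labels
    if event.channel == "email":
        domain = event.destination.rsplit("@", 1)[-1].lower()
        return ("allow" if domain in CORPORATE_DOMAINS else "block"), labels
    return "alert", labels  # labelled data to cloud storage: flag for review
```

The returned labels are what a monitoring pipeline would log alongside the action, so that even allowed transfers of labelled data remain visible to the security team.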
Education and DLP champions
When it comes to DLP, however, processes are just as important as technology. Education is essential to DLP best practices, so make all employees fully aware of security risks, including how their individual activity protects or threatens the safety of data and what this means for the company.
Security awareness training sessions are a well-established way to improve the security hygiene of an organization. To truly embed DLP into business processes, however, organizations should consider appointing DLP ‘champions’ in every department. Much like security champions, these individuals act as a point of liaison between the security team and the rest of the company, helping integrate DLP at every level as well as alerting security teams to protection issues of which they may be unaware.
Finally, remember the legal team. Integration with your organization’s legal department is paramount. You need to know your processes are in line with compliance regulation and keep abreast of any related legislative or legal updates.
Proving value to your C-suite
DLP isn’t a security-only decision - you absolutely need involvement from the C-suite to make solutions a success. It can be challenging for non-technical board members to understand the value DLP programmes deliver in terms of time, money, and energy - but it’s worth the effort to help them do so.
The key here is to highlight how the cost of losing critical data far outweighs the investment in protection. Whether through a stolen trade secret, a General Data Protection Regulation (GDPR) fine or a ransomware attack, a single data breach has huge profit-destroying potential.
It’s also important to reassure the C-suite that DLP software need not require huge costs. Managed DLP services can offer scalable support and high-level security at cost-effective prices.
WFH and DLP are two three-letter acronyms that belong together. With offices spanning miles and data flying between devices, WFH has complicated the job of security teams. But it hasn’t made it impossible. Carefully labelling data, choosing the right technology, delivering company-wide education and appointing DLP champions will go a very long way in securing sensitive data and creating a resilient organization fit for this new WFH era.
Tim Bandos, CISSP, CISA, CEH is CISO and VP Managed Security Services at Digital Guardian and an expert in incident response and threat hunting. He has over 15 years of experience in the cyber security world and has a wealth of practical knowledge gained from tracking and hunting advanced threats that aim to steal highly sensitive data.