Discover: What data do you have that someone would want?
You can’t protect what you don’t know you have. The first best practice for data security is knowing where your data is. Data stored across multiple devices and cloud services need to be discovered and categorized according to sensitivity and accessibility. Understanding what data you have, where it’s located, and its level of sensitivity, gives you and your business stakeholders a real-world map of all your critical information assets and provides you with the insight you need to build the right policies to protect your data. Not sure where or what data you have? Data Loss Prevention (DLP) solutions will help you inventory and categorize your data and automate remediation tasks.
Monitor: Where does your data go and who uses it?
No matter what your business is, once you know what data you have you need to know where it goes and who is accessing it. Having the visibility to identify sensitive information over any application, any protocol, any port, and in any form—with a high degree of accuracy—is critical. Using historical information to understand what data is sensitive, how it is being used, who is using it, and where it is going gives you the ability to build effective and accurate policies the first time and allows you to anticipate how changes in your environment might impact the security. This process can also help you identify previously unknown risks.
Prevent: What policies and processes are needed to effectively secure your data?
The more people share information electronically, the greater the likelihood that someone will inadvertently or intentionally send sensitive data to an unauthorized individual and put confidential corporate data at risk. Information can leave the company across many different channels—email, web, instant messaging (IM), or FTP. Now that you understand what data you have and how it’s being used, you can determine how specific types of data can be handled or shared. Determine which messages or transactions are allowable and what protection they require. Do they need to be encrypted to ensure data privacy? Are there types of communications that are simply unacceptable at any time and must be blocked? Enforcing the right policies at the right time is essential to ensuring data security, regulatory compliance, and intellectual property protection.
Control: Can you stop data from being shared on removeable storage devices?
The 2017 Verizon Data Breach Investigation Report showed that 25% of data breaches involved internal actors. Although useful in day-to-day situations, USB drives, MP3 players, CDs, DVDs, and other removable media also pose a real threat to data privacy. Their small size and enormous storage capacity make it all too easy for confidential customer data and intellectual property to walk right out the front door and fall into the wrong hands—whether through loss or theft. An effective DLP solution should enable you to monitor and control data transfers from all desktops and laptops—even when not connected to the corporate network.
Extend: Can you protect data from device to cloud?
With the corporate perimeter disappearing, it is getting more challenging for corporations to enforce compliance in today’s anywhere and everywhere environment. Organizations of all sizes are adopting cloud-based services, such as Microsoft Office 365, as a way to give users greater flexibility and access to core business applications anytime, anywhere, and on virtually any device. To fully protect your data from device to cloud, you need expansive, yet flexible, policies and data security best practices that address risky employee behavior by protecting sensitive data from day-to-day user actions—sending email, printing, uploading to the cloud, saving to a USB—wherever they may happen.
Visit our data protection solutions page to learn more about how McAfee can help you protect your sensitive data through implementing effective data security best practices.