31 August 2010

Data Loss Prevention: SmartRules™ for plugging sensitive information leaks

Technology continues to rapidly redefine the traditional concept of ´the office´. With mobile devices and high-speed broadband access, today´s office workers are empowered to quickly and easily share information from wherever they are – whether that´s a hotel room half way across the world from their colleagues, or at a backyard barbeque just down the road.

However in this ever more wired world, increased ease of access means increased risk of data loss – particularly with email.

Data Loss Prevention (DLP) is the art of stopping sensitive information leakage. Every company should have a comprehensive, company-wide policy to protect its sensitive, proprietary data. A good DLP policy should let you:

1. Identify your sensitive data and its location on your network.

2. Watch and track who is using your data and what it's being used for.

3. Safeguard your sensitive data and stop it from leaving your company.

Identify...

Identifying all your sensitive data and the location of that data on your network is the fundamental task of a good DLP policy. Without knowing what your sensitive data is, or where it's located, it's impossible to watch or safeguard it. Think about not only the types of data you're likely to want to protect – such as credit card details, personally identifiable information like birthdays, drivers licence details or even IP addresses – but also the location of that information. This should include not only laptops and desktop computers, but also USB-capable devices such as iPhones and any data stores such as SQL databases.

Track...

Once you've identified your company's sensitive data you can implement policies to watch and track who is using it and what they're using it for. High-speed broadband and mobile working environments let staff quickly share and distribute information, no matter where they are. Email remains the most popular tool for distributing information – and it also remains the biggest security problem for companies. The simple-to-use nature of email makes it almost impossible for employers to track what employees are doing with sensitive company data.

Safeguard...

DLP is a growing and persistent problem for businesses. The SMX solution is SmartRules™. SmartRules™ is a simple-to-use, portal-based product managed by SMX, which allows employers and company owners to have confidence in the security of their sensitive data. IT administrators or managers can secure the data emailed from the company network and also control the email content entering the network. SmartRules™ fills the DLP holes in email, while allowing staff to keep working uninterrupted.

As email is so easy to use, it´s important all businesses – those with and without a dedicated IT administrators or managers – can quickly and easily get up and running with a DLP policy in place for email. As the only object-based (´drag and drop´) solution in the market SmartRules™ is easy to set up, use and customise for any size organisation.

By having a tool (like SmartRules™) that allows you to create rules to identify, audit and safeguard your company's sensitive data, you can avoid potential legal issues – such as your staff sending a customer´s data to their competitor . You can easily create rules to search for certain words or document names in emails. Rules that trigger based on this content can then either silently alert you that someone is sending sensitive data, BCC you a copy of the email in question, or block the email from going out entirely. For example, you might set policy which alerts your HR personnel that an employee is sending out their CV. You can also create complex rules to block other kinds of content from entering or leaving your network. For example, you can disallow video or other multimedia files, as well as offensive language. You could also block common social networking sites if they´re not suitable for workplace communications.

Once implemented, a DLP tool (such as SmartRules™) lets you rest easy knowing that none of your company's sensitive data is leaving your network without your knowledge.

For more information on DLP, or how SMX's SmartRules™ can help you get on top of your email security concerns contact us.