How do you stop users from stealing your data?

by | Mar/4/2009

Business owners and corporate executives often complain that they cannot control data once they trust their end users with it. Furthermore, regulations are requiring that organizations ensure their data is secure.

There are documented problems of employees “taking data home to work on it” and then they lose their memory stick, hard drive, or laptop and the data falls into the wrong hands.  Other employees copy data and send it to competitors. In addition, often, users unwittingly send out private information through insecure channels.

For example, if you stop users from being able to plug in USB memory sticks and portable hard drives, they will burn the data to CD’s or DVD’s. If you stop them from using CD’s and DVD’s, they will e-mail the information to themselves. If you stop them from e-mailing the information through your server, they will get a web mail account and use that to e-mail the data. If you manage to block sending data through webmail, they will find a remote access tool that allows them to transfer files to a remote computer. And so on – it seems that “plugging the holes” is next to impossible.

This is where Data Loss Prevention tools come into play. They restrict users from intentionally, and even unintentionally, sending out private information through any means.

These systems monitor to detect and prevent sensitive information from leaving your organization through any means. If you approve for some users to use removable media such as an external hard drive or USB memory stick, the media can be automatically encrypted without the user knowing what to do.  Some software will even stop users from using the “print screen” option to steal data that way.

When a user unintentionally attempts to copy data, a window pops up explaining that their attempt was blocked and why. This helps educate users about what is and what is not acceptable. This kind of real-time feedback can also generate logs for managers who are looking for trends in employee behavior.

If your organization has intellectual property, private information, or falls within government regulations, it is time to talk to your IT professionals about implementing data loss prevention technology.