Data exfiltration is a major problem in the modern organization. If your organization stores or handles sensitive data, then you need to have a plan in place to stop data exfiltration—including intentional data theft and accidental data leakage. Both purposeful and negligent misuse can lead to serious consequences.
Let’s take a look at the best way to prevent sensitive data from being exfiltrated from your organization.
Know Thyself: Identifying Your “Sensitive” Data
The first step in protecting your sensitive data is to understand exactly what data your organization possesses and handles, and how sensitive that data is. For some organizations, regulatory and compliance frameworks are very clear about what constitutes sensitive data and how it must be treated. For example, GDPR outlines the steps that must be taken to ensure secure processing of all personal data, which they define as:
Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
Any organization who processes the data of EU citizens must follow GDPR requirements or risk serious fines. Similarly, industry-specific guidelines like HIPAA provide specific protection rules around uniquely sensitive data like protected health information (PHI). PCI-DSS outlines security measures that apply to cardholder data.
Depending on your organization’s location, industry, and the nature of your business and your customers, you will have different types of sensitive data and thus different requirements you must meet.
It’s also important to recognize that, even if there is not a specific regulation requiring you to protect a certain type of data, there may be good reason to do so anyway. If you handle uniquely sensitive information—for example, career data at a recruiting agency—or are vulnerable to reputational damage if data is exfiltrated, then it’s a good idea to take extra precautionary measures to protect your data. You may also want to think about intellectual property and other types of data that may not harm your customers if exfiltrated but that could certainly hurt the business itself.
The bottom line is that understanding what constitutes “sensitive data” for your unique organization is the first step to protecting it.
It’s Alive: Focus on Sensitive Data in Motion
Some of the tools on the market that purport to help you protect sensitive data require you to manually catalog data via a classification scheme. While at first this may seem appealing, the reality is that data moves too fast in the modern organization for this to work. Traditional data loss prevention tools (DLPs) are high-maintenance and require an endless fine-tuning of rules and signatures. They are also often quite easy for technical users to bypass, and they have a particularly troubling blind spot around insider threats (a very common source of data loss).
Instead of using a static tool like a DLP that focuses on classifying data, we recommend that you think in terms of activity. This includes both user activity and data activity. User activity will tell you when your insiders are interacting with sensitive data in a way that may not be secure.
Movement from one part of a system or network to another can often indicate that sensitive data is in the process of going someplace it shouldn’t. For example, users may attempt to exfiltrate data using:
- Cloud storage services
- Business, personal or temporary email clients
- Removable media, including USB drives
- Keyboard shortcuts, including copy/paste
- Print jobs
- & many more vectors
Data activity will show you when data is moving in a way that could pose risk. This one-two punch approach is the best possible way to prevent data exfiltration within a complex, modern organization where data is growing, moving, and changing all the time.
Visibility is the Key to Protecting Sensitive Data
With an insider threat management platform like ObserveIT in place, your organization can achieve full visibility into the movement of sensitive data. This means you can track files in use, in motion, and at rest. You can identify specific exfiltration points (like a rogue USB drive) and detect suspicious behavior in real-time. Ultimately, this gives you clarity and context around what happened, so that you can understand user intent and take appropriate action to protect sensitive data. That could mean sending a user alert to remind them of policies, conducting an investigation, or even passing the information along to HR or law enforcement, depending on the severity of the activity.
Protecting sensitive data is an important goal for many organizations today, and the visibility achieved with a platform like ObserveIT is the best way to achieve that goal.
See exactly how ObserveIT protects sensitive data for yourself: