When people want to protect the data of their companies by means of Data Leak Prevention system (DLP) they often face myths about this product. Analysts from Falcongaze, the developer of DLP system SecureTower, have put together common misconceptions concerning leakage control systems.
When implementing DLP, some executives become worried that the staff will not be ready for working activity being under control. That they will start thinking of DLP as a spying software, ‘big brother’, and the system use will be not ethical, like peeping.
This myth is easy to break. You just have to understand what DLP actually is and why you should use it. So, its goal is to prevent data leak – not only intentional but accidental too.
Moreover, DLP is only a technical element of a company information’s security system. At first, you develop the security policies where you decide what and why you must protect. Then you inform the staff about new rules and explain the importance of such software. After all, people are not interested in damage, which puts at risk not only the company but their personal financial stability as well.
Eventually only those will run away who don't want to work in transparent mode.
This myth is still widespread. According to it, the employer has no right to read the staff correspondence because doing so breaks the basic rights. Well, be aware that any message sent through company owned computer is considered to be for work. Therefore, such claims of privacy violation are wrong. By the way, the European Court of Human Rights has confirmed that.
However, it’s important to understand that such control doesn’t suppose that boss together with security officer are going to read the whole correspondence. It is the task for software. Human will be involved only if the solution detects suspicious activity. And the access is granted only to specifically authorized officials. Their responsibilities are strictly defined and supervised. They don’t have the right to read correspondence which doesn’t concern security issues.
Some executives surprisingly believe that DLP is a particular type of antivirus. So the fee should be at the same range i.e. not big or free. Yes, DLP is not free, but there is no leak which damage you can compare to payment amounts for DLP.
For example, the theft of information that has occurred in British medical insurance company BUPA costed them at least £ 175 000 as a fine from regulator. It's not even taking into account the claims from clients demanding compensation for insecure storage.
When company purchases DLP, it pays for reduction of information leak risks through control over communication channels. Moreover, modern DLP systems have a set of tools, which safeguards the financial stability of organization as well.
Flexible pricing policy of vendors grants best proportion between cost and functionality of software. For example, Falcongaze offers its DLP system for free trial during which any company can choose the functionality it needs to cover security tasks.
By the way, even at the first run DLP starts working off the money. For example, it intercepts important documents, which employees try to send via personal e-mail.
There is an opinion that the company will have to change its corporate network while implementing DLP. However, modern systems don’t require equipment replacement. They are able to adapt to the existing.
One more wrong opinion – implementation will block the business processes. However, latest products not really affect performance. The implementation itself will take an hour and the agents (software modules) will be installed on PCs in hidden mode without breaking the work of a user.
And of course, many executives are sure that DLP setup and use is extremely hard and inconvenient process. However, do not fall into a trap of outdated information. Not all DLPs have heavy and bulky consoles, which require experienced professionals. The customer is important to developer, so it has improved the system. In a way that the interface is clear even for a beginner. Good system has a single console, which allows a security officer to work with DLP directly. It contains preset security rules and templates, which provide opportunity to use DLP “out of the box”.
The approach should be serious while choosing DLP. You cannot blindly follow friends’ advices or reviews on the Internet. Whereas vendors’ statements must be verified. How? Download and scrutinize the software trial version.
Only in this way, you will get the best solution for your company. Otherwise you will be disappointed and wrong believes will only increase. However, the worst is that the company information assets will not get trustful protection. Which is highly likely to make the company another victim of data breaches.