Copy Notify!: Data Loss Protection & Data Loss Prevention Tools computers.

Business Data Protection

Small Business & Data Leak Prevention Software: An Odd Couple?

By Mr. Zarir. M. Karbhari - Founder & CEO of CopyNotify!

Data Leakage Prevention software of today is extremely powerful and effective. Millions of dollars have been invested into creating highly sophisticated Anti Data Theft Software. Endpoint Security Software which is a crucial component of the cog of the Data Loss Prevention Machine has itself proved to be important component in preventing data breaches.

Unfortunately all this data security technology comes with a price, the price of acquisition, the price of deployment and finally the price of configuration and maintenance. This price tag even today is rather high and hence deters most small business owners from purchasing and deploying the software.

So how does a Small Business Owner though concerned about Data Theft, balance the other pressing priorities of running the business and the purchase of a Data Leak Prevention Software for endpoints?

Here are some tips that would perhaps lay the guidelines of working towards implementing a feasible and inexpensive data security protection policy for your small business network.

1. Does your data need protection? What would you define as confidential data? Where is the data stored? Who has access to this data? These questions need to be answered first and only then can you begin to decide on how you are going to protect your data.

2. Make a conscious effort to trace the obvious ways this confidential data goes out of your network. In the majority of cases it probably will be via USB Sticks, email/webmail or via uploads using ftp clients, twitter and instant messengers.

3. Deployment of simple USB Block Data security software would enable you to control and monitor the access and usage of external USB drives in office. Point to be noted that if technical expertise is available in-house, Group Policies can also be used to effectively control devices such as USB and CD/DVD Drives as well.

4. Monitoring of emails and data attachments being sent or received using the office email server could be done by switching on the logging of that email server software. Analysis of these logs would give you a clear idea of the data being sent / received via email in your office. If your employees know you are monitoring all official email accounts, it would automatically reduce the possibility of the official email account being used for transfer data out of the office in an un-authorized manner.

5. Webmail is unofficially used in many small business offices to send / receive data attachments. A simple endpoint Security Software that monitors and blocks attachments could be used in this case. In most cases the same software could be used to block uploads of data attachments in twitter and instant messengers too.

6. If you are using a proxy server you could also directly restrict the usage of webmail clients, twitter feeds and instant messengers. Rules could be set on the Proxy Server such that data uploads and downloads using FTP / FTPs protocols can be barred. The proxy server can also be used to restrict users from visiting particular sites.

So the whole point is study your requirements first, plan out a simple strategy that would reduce data being copied in an unmonitored fashion, block the security holes with common sense implementation, use what you already have and only buy Data Protection Software with features that suit your needs and requirements. Data Loss prevention is more about having a practical security policy than about using a particular software.

CopyNotify! on Twitter