Data Loss Prevention
Category: NachrichtenBy: F. Fiesel - 2B Advice GmbH - the privacy benchmark
Information in form of digital documents is often the most valuable resource in a company. From the theft of such data, companies regularly experience a high degree of damages, which can be found both in the financial area and in the loss of the confidence of customers.
In order to prevent this problem, there are software solutions ("data loss prevention" (DLP) solutions) that monitor whether a document may be reproduced in a particular manner.
For example, a well-known printer manufacturer enhanced a document management software program in such a way that documents that contain certain keywords cannot be printed or copied by the users. If, nevertheless, the user would like to print out such document, the printer immediately announces this incident to a previously specified person, which can examine this incident.
A broader area in uncontrolled data being stolen from companies is the sending of documents by e-mail or copying them onto an external data medium (hard disk, USB stick, SD card, etc.). There is also software for this area of application, which monitors whether a document may be reproduced and (if applicable) whether a responsible person (e.g. the data protection officer) is informed.
The deployment of such a software program in companies that process sensitive data is surely to be classified as a sensible measure. However, in the selection of the software, attention must be paid to the fact that the deployed security measures cannot be circumvented by simple measures, such as for example through so-called "L33t Speak", with which letters are replaced by numbers or special characters. Thus, in "L33t Speak", "GEHEIM" would become --> "G€H€1M", which could not be recognized by the software.
Further, upon the deployment of a DLP software program, attention must be paid to the fact that:
- prior to the deployment, all employees were informed that the printer sends information that possibly identificates an employee, for example.
- prior to deployment, the software was examined in such a way that, through the deployment in the company, no violations of data protection are committed.
As a general matter, it should be the case that documents containing confidential information may be accessed only by employees which need such information to perform their work activities. This may be achieved, for example, through the deployment of strict technical access controls.
However, there is no generally accepted solution for the protection of data theft, so every company has to select individual measures for the protection of sensitive information.
(987 times viewed)