Industry View

Five Ways to Turn Employees into Security Assets for Protecting Data

Trend Micro's Glen Kosaka explains how to prevent data leaks by raising security awareness and gaining employee support

By Glen Kosaka, director of DLP products, Trend Micro

Page 2

Make employees feel like security assets, not liabilities
If employees can feel as vigilant about protecting their company data as they do about meeting other business objectives, they become an extremely valuable asset to their company's data security programs. Saving their company from millions of dollars in fines and expenses associated with a breach can be as valuable as saving the company millions from improved processes or reduced costs, not to mention the embarrassment and loss of goodwill associated with privacy breaches. Training and awareness programs around the costs of various types of breaches and what they can do to prevent breaches will sensitize employees to the challenges faced.

Prevent the temptation to engage in "harmless" policy violations
While there are many obvious "no-no's" such as selling the company account list to a competitor, there are many "grey area" violations which, if left unaddressed, can lead to more damaging breaches. These include sharing contact lists with friends at other companies, "backing-up" sensitive data to home systems or unauthorized storage devices, and copying intellectual property to USB thumb drives to transport them to a remote development site. All of these violations, while they may seem harmless to the employees who commit them, can lead to costly breaches. In addition, as employees are allowed to push the envelope of what they can get away with, there may be increased temptation to profit from these violations. While there are many alternatives for monitoring and enforcing policies, the selection criteria of a data leak prevention (DLP) solution should include the intelligence of the solution to detect relevant leaks without inconveniencing the employee and impacting their business (and, for some companies, personal) productivity.

Teach employees about policies while enforcing them
An effective data security policy should incorporate a "carrot and a stick" approach. Employees should be educated about the company policies, ideally at the "point of use" or "point of violation." When an employee copies a sensitive document to a USB drive in violation of policyâ¬that is the best time to educate them about the proper protection of the company's valuable assets. If violations are severe, the action should be blocked by the DLP solution, and the employee's management should be notified so proper steps can be taken. Raising employee awareness of data protection policies, especially at the "point of use," can reduce or even eliminate the large percentage of breaches which occur accidentally and unintentionally.

Data leak prevention technology should not only monitor and prevent leaks, but help to educate and raise the awareness of employees about company policies and procedures for handling sensitive data. By educating employees and safeguarding both the network perimeter and internal endpoints, DLP solutions also can help employees become security assets by preventing data leaks, reducing accidental breaches and requiring their vigilance to protect sensitive data.

DLP

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors