Cybersecurity pros often follow a “defense in depth” strategy, acknowledging that controls will fail. Layered defenses are especially important in the open-computing environment of academia. Data loss prevention (DLP) solutions are an important component of a layered approach to security. DLP scans content leaving the institution for signs of sensitive information and often serves as the last line of defense, stopping data exfiltration after other controls fail to prevent a breach.
Here are four ways colleges can better leverage DLP to safeguard sensitive information:
1. Use Pattern-Matching to Lock Down Sensitive Information
A core feature of DLP solutions is their ability to recognize common patterns used in sensitive information. For example, numbers that appear in the form XXX-XX-XXXX are likely to be Social Security numbers, but it’s possible to find this pattern in the most unlikely places. When one major university ran pattern-matching DLP against desktop systems, it found SSN matches buried within the binary code of font files.
Modern DLP systems can perform intelligent pattern matching by examining the context surrounding a potential match. Is that SSN pattern match contained within an email to the financial aid department? That’s a likely match. Buried in a font file on a student workstation? Probably a false positive.
2. Focus on Protecting High-Value Data
Deploying DLP technology across the entire network can be time-consuming, disruptive and cost-prohibitive. Instead of trying to cover all campus activities, focus on targets likely to handle sensitive information.
SSNs are much more likely within divisions that handle payroll, financial aid and other administrative tasks than on individual faculty workstations. Similarly, credit card numbers will most likely appear on systems used by units and individuals involved in payment transactions, such as food services and the campus bookstore. Use your institutional knowledge to deploy DLP in high-risk areas first and then expand the deployment as your budget permits.
3. Consider Letting Users ID Suspicious Emails
Email DLP systems often place suspect messages in quarantine for manual review. If you’re deploying DLP with the goal of preventing user error, consider giving those users the ability to release messages from quarantine themselves. This empowers users to correct their own mistakes and quickly move on with their business. It also has the benefit of reducing the burden on IT staff to field user queries and perform manual reviews.
4. Minimize Time-Consuming False Positives
False positive reports are the bane of any DLP deployment. They frustrate users, disrupt business activities and consume the time of IT admins. Work with your DLP vendor to tune your system so that it minimizes false positives. You can do this with a combination of vendor-provided best practices and institution-specific knowledge. For example, if your financial aid department sends out sample forms that use 123-45-6789 as an example of an SSN, include an exception for that SSN in the DLP to prevent false positive alerts.
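The context check described in section 1 and the sample-SSN exception described in section 4, shown together as an added Python example that is not from the article or from any DLP product. The keyword list, the 60-byte context window, the 0.85 printable-byte threshold and all sample inputs are assumptions constructed for illustration.

```python
import re

# XXX-XX-XXXX shape; the lookarounds reject longer digit/dash runs.
SSN_RE = re.compile(rb"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")
# Assumed keyword list; a real deployment would tune this per department.
CONTEXT_RE = re.compile(rb"ssn|social security|taxpayer|financial aid|payroll", re.I)
# Sample value the article says appears on example forms; never alert on it.
ALLOWLIST = {b"123-45-6789"}
WINDOW = 60  # bytes of context examined on each side of a match (assumed)


def printable_ratio(chunk: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/newline/CR."""
    if not chunk:
        return 1.0
    ok = sum(1 for b in chunk if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(chunk)


def classify(data: bytes):
    """Return (masked_value, verdict) for every SSN-shaped match in data."""
    findings = []
    for m in SSN_RE.finditer(data):
        value = m.group()
        around = data[max(0, m.start() - WINDOW):m.end() + WINDOW]
        if value in ALLOWLIST:
            verdict = "ignored_allowlist"
        elif printable_ratio(around) < 0.85:
            verdict = "likely_false_positive"  # match sits inside binary data
        elif CONTEXT_RE.search(around):
            verdict = "likely_ssn"             # supporting keywords nearby
        else:
            verdict = "needs_review"
        findings.append(("***-**-" + value[-4:].decode(), verdict))
    return findings


# Constructed samples; area 000 is never issued, so these are not real SSNs.
EMAIL = b"To: financial aid office\nStudent SSN is 000-12-3456, please update."
FONT = b"\x00\x01\x8f\xfa\x03" * 12 + b"000-98-7654" + b"\xfe\x10\x00\x9c\x07" * 12
FORM = b"Enter your Social Security number, e.g. 123-45-6789, in box 4."
NOTE = b"Locker combo 000-11-2222"

if __name__ == "__main__":
    for name, blob in [("email", EMAIL), ("font", FONT), ("form", FORM), ("note", NOTE)]:
        print(name, classify(blob))
```

Findings carry only the last four digits, so the scan report does not become a second copy of the data it is meant to protect.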