Creating effective DLP policies is a constantly evolving process. Awareness Technologies has put together a checklist to help your organization adhere to a stronger DLP policy:
1. Start by monitoring the organization
2. Then create “report only” policies to watch for efficacy—clean them up if necessary. Only then put very clean policies into enforcement mode while leaving “iffier” ones in report only mode.
3. Determine which departments have access to confidential data
4. Always use least complicated policies to accomplish objectives
5. Block by file type where possible (no one in accounting should ever have to copy CAD files to USB).
6. Use combinations of indicators to reduce false positives (for example, state and SSN together instead of SSN alone).
7. Use “report only” for more ambitious policies that are more likely to trigger false positives (SSN only).
8. Block things if possible instead of relying on content-aware DLP (block access to personal webmail and USB for those departments that don’t need it).
9. If a particular person tends to generate a lot of false positives, but the group they are in does not, simply modify the policies for that individual by putting them in their own group instead of modifying them for all.
10. Create policies to scan “Data at Rest” for information that should not be kept on hard drives in an unencrypted state. These policies alert administrators to any confidential data encountered on the hard drives of all computers in the organization where the software is installed, regardless of whether the computers are on or off the corporate network.
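The checklist items above fit together as one policy engine. The toy engine below is an added illustration, not Awareness Technologies' product or any real DLP implementation: it applies coarse channel and file-type blocks before any content scan (items 5 and 8), fires a combined state-plus-SSN rule in enforcement mode while a broader SSN-only rule stays in report-only mode (items 2, 6 and 7), moves one noisy user into his own group rather than loosening the department policy (item 9), and runs a data-at-rest scan over an in-memory stand-in for hard-drive contents (item 10). All users, groups, file paths, file contents and the state-name subset are constructed for the example.

```python
# Constructed toy DLP policy engine; not Awareness Technologies' product.
import os
import re
from dataclasses import dataclass

# Detector for formatted US SSNs; excludes never-issued area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Constructed subset of US state names; a real policy would list all of them.
STATE_RE = re.compile(r"\b(Alabama|Alaska|Arizona|California|Texas|Washington)\b", re.I)


@dataclass(frozen=True)
class Policy:
    name: str
    mode: str                 # "report_only" or "enforce"
    detectors: tuple          # every detector must match for a hit (item 6)


@dataclass(frozen=True)
class Verdict:
    policy: str
    action: str               # "allow", "report" or "block"


def matches(policy: Policy, text: str) -> bool:
    """A policy fires only when all of its detectors match, so a lone
    SSN-shaped number does not trip the combined state+SSN rule."""
    return all(d.search(text) for d in policy.detectors)


# Group -> content-aware policies. The narrow combined rule is enforced; the
# broader SSN-only rule stays in report-only mode (items 2, 6 and 7).
SSN_WITH_STATE = Policy("ssn_with_state", "enforce", (SSN_RE, STATE_RE))
SSN_ONLY = Policy("ssn_only", "report_only", (SSN_RE,))
GROUP_POLICIES = {
    "accounting": [SSN_WITH_STATE, SSN_ONLY],
    "engineering": [SSN_ONLY],
}
USER_GROUP = {"alice": "accounting", "bob": "accounting", "carol": "engineering"}

# bob (constructed user) keeps tripping ssn_only, so he gets his own group with
# only the enforced rule rather than weakening the accounting policy (item 9).
GROUP_POLICIES["bob_exception"] = [SSN_WITH_STATE]
USER_GROUP["bob"] = "bob_exception"

# Coarse blocks by channel and file type, applied before any content scan
# (items 5 and 8): accounting never needs CAD files on USB or personal webmail.
CHANNEL_BLOCKS = {
    "accounting": {"usb": {".dwg", ".dxf"}, "webmail": "all"},
}


def evaluate(user: str, channel: str, filename: str, content: str) -> Verdict:
    """Decide what happens to one transfer attempt."""
    group = USER_GROUP[user]
    rule = CHANNEL_BLOCKS.get(group, {}).get(channel)
    if rule == "all":
        return Verdict("channel_block", "block")
    ext = os.path.splitext(filename)[1].lower()
    if isinstance(rule, set) and ext in rule:
        return Verdict("filetype_block", "block")
    # Content-aware stage: an enforced hit blocks; report-only hits are logged.
    verdict = Verdict("none", "allow")
    for policy in GROUP_POLICIES[group]:
        if not matches(policy, content):
            continue
        if policy.mode == "enforce":
            return Verdict(policy.name, "block")
        verdict = Verdict(policy.name, "report")
    return verdict


def scan_at_rest(files: dict, policies: list) -> list:
    """Data-at-rest scan (item 10) over an in-memory stand-in for the files on
    a hard drive; returns (path, policy) pairs for the administrator's alert."""
    findings = []
    for path, text in files.items():
        for policy in policies:
            if matches(policy, text):
                findings.append((path, policy.name))
    return findings


# Constructed sample file contents standing in for three hard drives.
SAMPLE_FILES = {
    "C:/Users/alice/payroll.txt": "Employee in Texas, SSN 123-45-6789",
    "C:/Users/carol/notes.txt": "order number 123-45-6789 from vendor",
    "C:/Users/bob/readme.txt": "nothing sensitive here",
}

if __name__ == "__main__":
    print(evaluate("alice", "usb", "drawing.dwg", ""))
    print(evaluate("alice", "email", "a.txt", "order number 123-45-6789"))
    print(evaluate("bob", "email", "a.txt", "order number 123-45-6789"))
    for finding in scan_at_rest(SAMPLE_FILES, GROUP_POLICIES["accounting"]):
        print(finding)
```

The order of the stages is the point: cheap, unambiguous blocks run first so the content-aware detectors only see traffic that is otherwise permitted, and the report-only verdicts give you the false-positive data needed to decide which policies are clean enough to promote to enforcement.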