Five Cheap Data Loss Prevention Tools

data loss prevention, security tools

Companies that must comply with privacy and data-protection rules such as HIPAA, GLBA, state privacy laws, or the card industry's PCI DSS standard need to think about data loss prevention tools.

“Data loss prevention” typically refers to preventing employees from deliberately stealing or accidentally leaking sensitive data.

A typical data loss prevention stack includes:

  • Blocking or monitoring USB drives
  • Blocking or monitoring CD/DVD burners
  • Monitoring printer activity
  • Monitoring outbound email for sensitive data
  • Blocking sites like Gmail and Dropbox

Software vendors sell suites of products that can accomplish these goals; search for “data loss prevention magic quadrant” and you’ll see leading vendors like Symantec, McAfee, RSA, and more.

But what if these products aren’t in the budget? Are you out of luck, and at risk of a security breach?

Consider these alternatives as a way to implement data loss prevention on the cheap:

USB Lockdown: $200 per company

A network admin colleague highly recommends a product called IntelliAdmin. IntelliAdmin lets you remotely change the registry of Windows computers you administer, and block the use of USB flash drives.

Of course, you’ll have people who have a legitimate reason to use USB devices, but you can manage this through an exception process. The more expensive products give you better options for managing USB devices, such as restricting a single USB drive so it only works with a single computer. But since we’re aiming for cheap, this inexpensive product gives you a perfectly functional On/Off switch.

DVD/CD Lockdown: Free!

The aforementioned IntelliAdmin can also restrict users so they can’t burn files to CD and DVD drives. Again, locking down all CD and DVD burning isn’t the most elegant solution, but it works, and it’s cheap.
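The USB and CD/DVD lockdowns above both come down to a handful of registry values, and if you already have PowerShell remoting you can push them without buying anything. The following is an added example, not IntelliAdmin’s code and not part of the original post. It uses the Removable Storage Access policy keys (per device-class Deny_Read/Deny_Write), the USBSTOR service start value, and the NoCDBurning Explorer policy; it assumes WinRM is enabled, that you are a local administrator on the targets, and the host names are placeholders.

```powershell
# Added example (not IntelliAdmin's code): switch USB storage and optical burning
# between Block / ReadOnly / Allow on a list of hosts over PowerShell remoting.
# Assumes WinRM is enabled and you are a local admin on each target (assumption).
# Everything is written under HKLM so it applies to every user of the machine.

# Device-interface class GUIDs used by the "Removable Storage Access" policy.
$DiskClass  = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'   # removable disks (USB flash drives)
$CdromClass = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'   # CD/DVD drives

function Set-RemovableMediaPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [ValidateSet('Block', 'ReadOnly', 'Allow')] [string] $Mode
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Mode, $DiskClass, $CdromClass -ScriptBlock {
        param($Mode, $DiskClass, $CdromClass)
        $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
        $usbstor    = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
        $explorer   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

        # Per-class Deny_Read / Deny_Write. ReadOnly keeps the drive usable but blocks
        # copying data onto it, which covers most "I only need to read it" exceptions.
        foreach ($class in @($DiskClass, $CdromClass)) {
            $key = Join-Path $policyRoot $class
            if ($Mode -eq 'Allow') {
                if (Test-Path $key) { Remove-Item $key -Recurse -Force }
                continue
            }
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name Deny_Write -Value 1 -Type DWord
            Set-ItemProperty -Path $key -Name Deny_Read  -Value ([int]($Mode -eq 'Block')) -Type DWord
        }

        # Block also stops the USB mass-storage driver itself (Start 4 = disabled,
        # 3 = load on demand). Keyboards, mice and MTP phones use other drivers and are unaffected.
        Set-ItemProperty -Path $usbstor -Name Start -Value $(if ($Mode -eq 'Block') { 4 } else { 3 }) -Type DWord

        # Hide Explorer's burn-to-disc UI whenever writing to optical media is denied.
        New-Item -Path $explorer -Force | Out-Null
        Set-ItemProperty -Path $explorer -Name NoCDBurning -Value ([int]($Mode -ne 'Allow')) -Type DWord

        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Mode = $Mode; Applied = (Get-Date) }
    }
}

function Get-RemovableMediaPolicy {
    # Read the same values back so you can audit that the lockdown is really in place.
    param([Parameter(Mandatory)] [string[]] $ComputerName)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $DiskClass, $CdromClass -ScriptBlock {
        param($DiskClass, $CdromClass)
        $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
        $read = { param($k, $n) (Get-ItemProperty -Path $k -Name $n -ErrorAction SilentlyContinue).$n }
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            UsbStorStart = & $read 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
            UsbDenyWrite = & $read (Join-Path $root $DiskClass) 'Deny_Write'
            CdDenyWrite  = & $read (Join-Path $root $CdromClass) 'Deny_Write'
            NoCDBurning  = & $read 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoCDBurning'
        }
    }
}

# Usage (host names are placeholders): lock everything down, then carve out one read-only exception.
Set-RemovableMediaPolicy -ComputerName 'WS-FINANCE-01', 'WS-FINANCE-02' -Mode Block
Set-RemovableMediaPolicy -ComputerName 'WS-SCANNER-01' -Mode ReadOnly
Get-RemovableMediaPolicy -ComputerName 'WS-FINANCE-01', 'WS-SCANNER-01' | Format-Table
```

Two caveats worth knowing before you rely on this: the keys under `HKLM:\SOFTWARE\Policies` are Group Policy territory, so if you run Active Directory, put the same settings in a GPO (Computer Configuration > Administrative Templates > System > Removable Storage Access) rather than writing them directly, or a policy refresh may undo your change; and disabling USBSTOR does not unload the driver for a drive that is already plugged in, so the block takes effect from the next insertion or reboot.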

Monitoring Printing: Free (kinda)

Windows has a built-in print service event log that records the name, user, time, size in bytes, and number of pages of every document printed. It is off by default, but you could turn it on right now if you wanted to.

What’s not free is actually doing something with that data. To make sense of it, you need to collect these logs centrally and use a SIEM tool (e.g., Splunk, SolarWinds, ArcSight) to review them and watch for anomalies. Feel free to call us at 888-646-1616 if you need help setting up your SIEM tool.
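Here is what turning the log on and reading it back looks like, as an added example that is not part of the original post. Event ID 307 in the Microsoft-Windows-PrintService/Operational channel is written once per printed document; the field order used below (job id, document name, user, computer, printer, port, bytes, pages) is taken from that event’s schema and is an assumption you should confirm against one real event on your own hosts. The print server name and the review thresholds are placeholders.

```powershell
# Added example (not from the original post): enable the built-in print audit log
# and pull per-job records out of it for review. The Param1..Param8 positions in
# event 307 are assumed from the event schema; check one real event with
# (Get-WinEvent ...).ToXml() before trusting the column mapping.

$PrintLog = 'Microsoft-Windows-PrintService/Operational'

function Enable-PrintAuditLog {
    # The channel is disabled by default. Run this on the machine that owns the
    # queue: for shared printers that is the print server, not the user's PC.
    param([long] $MaxSizeBytes = 64MB)
    $log = Get-WinEvent -ListLog $PrintLog
    $log.IsEnabled = $true
    $log.MaximumSizeInBytes = $MaxSizeBytes
    $log.SaveChanges()
    Get-WinEvent -ListLog $PrintLog | Select-Object LogName, IsEnabled, MaximumSizeInBytes
}

function Get-PrintJob307 {
    param(
        [string]   $ComputerName = $env:COMPUTERNAME,
        [datetime] $Since = (Get-Date).AddDays(-1)
    )
    $filter = @{ LogName = $PrintLog; Id = 307; StartTime = $Since }
    # Get-WinEvent throws "No events were found" on an empty log; that is not an error here.
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ([xml]$_.ToXml()).Event.UserData.DocumentPrinted
            [pscustomobject]@{
                Time     = $_.TimeCreated
                User     = $d.Param3
                Client   = $d.Param4
                Document = $d.Param2
                Printer  = $d.Param5
                Bytes    = [int64]$d.Param7
                Pages    = [int]$d.Param8
            }
        }
}

function Find-SuspiciousPrintJob {
    # The rules a reviewer would start with; the thresholds and keywords are assumptions.
    param(
        [Parameter(ValueFromPipeline)] [object] $Job,
        [int] $PageThreshold  = 100,
        [int] $AfterHoursStart = 20,    # 8 pm
        [int] $AfterHoursEnd   = 6      # 6 am
    )
    process {
        $reasons = @()
        if ($Job.Pages -ge $PageThreshold) { $reasons += "large job ($($Job.Pages) pages)" }
        if ($Job.Time.Hour -ge $AfterHoursStart -or $Job.Time.Hour -lt $AfterHoursEnd) { $reasons += 'after hours' }
        if ($Job.Document -match '(?i)patient|client list|ssn|salary|export') { $reasons += 'sensitive-looking title' }
        if ($reasons) { $Job | Add-Member -NotePropertyName Reasons -NotePropertyValue ($reasons -join '; ') -PassThru }
    }
}

# Usage: enable once on the print server, then review the last day's jobs (server name is a placeholder).
Enable-PrintAuditLog
Get-PrintJob307 -ComputerName 'PRINT-01' |
    Find-SuspiciousPrintJob |
    Format-Table Time, User, Printer, Pages, Document, Reasons -AutoSize
```

The objects `Get-PrintJob307` returns are what you would forward to the SIEM; the rule function is only there to show that even without one, a daily list of large, after-hours, or suspiciously titled jobs is a few lines of work once the log exists.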

Monitoring Outbound Email: $30 / user / year (or less!)

Everyone’s been getting into the DLP game. Microsoft now includes DLP functionality in several of its Microsoft 365 plans at no extra charge. McAfee offers it as an add-on for customers of MX Logic, the hosted email security company it acquired.

It’s a great idea to have automated monitoring in place for your outbound email, mainly so you have that extra level of assurance that no one is accidentally sending around files full of Social Security numbers, bank account numbers, or medical diagnoses.

Call your email provider and see what kind of add-ons they have for monitoring outbound email for sensitive data. You’ll probably be surprised by how inexpensive it’s become.
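If you are on Microsoft 365, the monitoring described above can be switched on from PowerShell. The following is an added example, not Microsoft’s documentation and not part of the original post. It assumes the ExchangeOnlineManagement module is installed, that your account holds a compliance administrator role, that your tenant’s plan includes DLP, and that the policy name and the reviewer mailbox are placeholders to replace.

```powershell
# Added example (not Microsoft's or the original post's code): an outbound-mail DLP
# policy for Microsoft 365 built with the Security & Compliance PowerShell cmdlets.
# Assumptions: ExchangeOnlineManagement module installed, compliance admin role,
# a plan that includes DLP; policy name and reviewer address are placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$policyName = 'Outbound PII monitor'

# Start in test mode with user notifications: you see what would have been blocked
# and users learn the policy exists, but mail still flows while you tune it.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Mail leaving the organisation that carries SSNs, bank or card numbers' `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# Built-in sensitive information types. minCount is how many matches a message
# needs before the rule fires; raise it if a single stray number is too noisy.
$piiTypes = @(
    @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' },
    @{ Name = 'U.S. Bank Account Number';          minCount = '1' },
    @{ Name = 'Credit Card Number';                minCount = '1' }
)

# Only mail to recipients outside the organisation: internal SSN traffic is a
# separate conversation, and scoping keeps the first round of reports readable.
New-DlpComplianceRule -Name "$policyName - external recipients" -Policy $policyName `
    -AccessScope NotInOrganization `
    -ContentContainsSensitiveInformation $piiTypes `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport 'dlp-review@example.com'

# Once a couple of weeks of incident reports look sane, flip to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable

# Confirm what was created.
Get-DlpCompliancePolicy -Identity $policyName | Select-Object Name, Mode, ExchangeLocation
Get-DlpComplianceRule -Policy $policyName | Select-Object Name, BlockAccess, NotifyUser
```

Two points a practitioner should note: the credit card type applies a Luhn check so random sixteen-digit numbers do not fire it, but the SSN type can match invoice and account numbers that happen to look right, which is why the policy starts in test mode; and the incident reports landing in the review mailbox are exactly the “extra level of assurance” the paragraph above is after, so someone has to actually read them.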

Blocking webmail and file sharing sites: Free! (kinda)

Most companies take the approach of using a web filtering service (like Websense) to block websites used for personal email, file sharing, or generally inappropriate activity. In our experience, these tools punish the good people and do remarkably little to actually stop someone who really wants to steal data.

Another approach, which is both more humane and less expensive, is “trust but verify.” Assuming your company runs a proxy server or DNS server with logging turned on, you already have a rich data source showing exactly which sites your employees visit (DNS logs give you the domain names queried by each client; proxy logs also give you full URLs, user names, and bytes transferred). Collect these logs into your SIEM tool, and then review them.

Before you take the draconian step of blocking sites, first understand which sites employees actually use. Then have a conversation, write policies about what is and isn’t appropriate, and confront people who violate them. Security practitioners have long observed that the perception of detection can be even more effective than outright blocking.
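The review pass the two paragraphs above describe, as an added example that is not part of the original post: parse proxy log lines, match each host against a watchlist of webmail and file-sharing domains, and summarize per user and category how often they were used and how much was uploaded. The sample lines are constructed here in a simplified `<epoch> <client-ip> <user> <method> <url> <bytes-sent>` format; the format, the watchlist, and the upload threshold are assumptions to adapt to your own proxy.

```powershell
# Added example (not from the original post): a first review pass over proxy logs
# to see who uses webmail and file-sharing sites and how much they upload, before
# deciding what, if anything, to block. Log format, watchlist and thresholds are
# assumptions; the sample lines below are constructed, not real traffic.

$Watchlist = @{
    'gmail.com'        = 'webmail'
    'mail.google.com'  = 'webmail'
    'outlook.live.com' = 'webmail'
    'dropbox.com'      = 'file-sharing'
    'drive.google.com' = 'file-sharing'
    'wetransfer.com'   = 'file-sharing'
}

# Constructed sample: one user pushing 60 MB to Dropbox, one reading Gmail, one on the intranet.
$SampleLog = @'
1700000000 10.0.1.15 jsmith  GET  https://www.dropbox.com/home 2048
1700000030 10.0.1.15 jsmith  POST https://dl-web.dropbox.com/upload?chunk=1 31457280
1700000060 10.0.1.15 jsmith  POST https://dl-web.dropbox.com/upload?chunk=2 31457280
1700000090 10.0.1.22 mlee    GET  https://mail.google.com/mail/u/0/ 4096
1700000120 10.0.1.22 mlee    POST https://mail.google.com/sync/u/0/ 1200
1700000150 10.0.1.31 rpatel  GET  https://intranet.example.com/policies 8192
'@

function Get-WatchlistCategory {
    param([string] $HostName)
    # Walk up the labels so "dl-web.dropbox.com" still matches the "dropbox.com" entry.
    $labels = $HostName.ToLower().Split('.')
    for ($i = 0; $i -lt $labels.Count - 1; $i++) {
        $candidate = $labels[$i..($labels.Count - 1)] -join '.'
        if ($Watchlist.ContainsKey($candidate)) { return $Watchlist[$candidate] }
    }
    return $null
}

function ConvertFrom-ProxyLog {
    param([string[]] $Lines)
    foreach ($line in $Lines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 6) { continue }     # skip blank or malformed lines rather than abort the review
        $uri = [uri] $f[4]
        [pscustomobject]@{
            Time     = [DateTimeOffset]::FromUnixTimeSeconds([int64]$f[0]).UtcDateTime
            Client   = $f[1]
            User     = $f[2]
            Method   = $f[3].ToUpper()
            HostName = $uri.Host
            Category = Get-WatchlistCategory $uri.Host
            BytesOut = [int64]$f[5]
        }
    }
}

function Get-WatchlistSummary {
    # One row per user and category: request count, bytes uploaded, and a flag when
    # uploads pass the threshold. Plain reads stay visible so policy can be discussed first.
    param([object[]] $Events, [int64] $UploadAlertBytes = 10MB)
    $Events | Where-Object { $_.Category } | Group-Object User, Category | ForEach-Object {
        $uploads = @($_.Group | Where-Object { $_.Method -in 'POST', 'PUT' })
        $bytes   = [int64] ($uploads | Measure-Object BytesOut -Sum).Sum
        [pscustomobject]@{
            User          = $_.Group[0].User
            Category      = $_.Group[0].Category
            Requests      = $_.Count
            UploadedBytes = $bytes
            Flag          = $bytes -ge $UploadAlertBytes
        }
    }
}

$events = ConvertFrom-ProxyLog ($SampleLog -split "`n")
Get-WatchlistSummary -Events $events | Sort-Object Flag -Descending | Format-Table -AutoSize
```

With the sample data the only flagged row is jsmith’s file-sharing use, mlee’s webmail shows up unflagged, and rpatel’s intranet traffic never appears, which is the point: the report is about the handful of people worth a conversation, not everyone’s browsing. If all you have is DNS logs, drop the byte counts, count queries per client instead, and join the client IP to a user through DHCP leases or logon events.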

Talk to us!

Want to protect your business from hackers and insiders?  Want to make sure you’re doing the right things for HIPAA compliance?  Talk with an Adelia Risk consultant to learn more.

Josh Ablett

Josh Ablett, CISSP, has been meeting regulations and stopping hackers for 20 years. He has rolled out cybersecurity programs that have successfully passed rigorous audits by the SEC, the FDIC, the OCC, HHS, and scores of customer auditors. He has also built programs that comply with a wide range of privacy and security regulations such as CMMC, HIPAA, GLBA, SEC/FINRA, and state privacy laws. He has worked with companies ranging from 5 people to 55,000 people.
