A company’s IT department, information security and HR teams must properly interact to efficiently fight security threats. Data loss prevention systems are becoming an increasingly comprehensive and integrated tool to connect these areas of business protection.
What Is Personnel Security?
Although DLP systems can handle a wide range of tasks, including compliance, risk management and anti-corruption, personnel security is one of its main tasks. Data loss prevention systems help reduce the risks associated with careless actions of employees as well as malicious insider activities.
Many companies already have built-in information security ecosystems, but even mature systems are at risk if insiders work effectively. That is why personnel security is particularly important these days.
Personnel Security Risks
Personnel security previously dealt mostly with incidents that occurred due to negligence. Today, we see a sharp change toward malice.
Until now, many medium-sized companies have believed that they don’t need special protection because they don’t have important or sensitive information. They’re now facing the fact that employees are purposefully planning malicious actions, either by organizing them or by participating in operations organized by third parties. In addition, it is not uncommon for external actors to install tracking apps on employees’ devices.
Finally, bad actors used to limit malicious intent to mischief, revenge or even sabotage. Now their goal is to break through the perimeter and steal confidential data.
This makes DLP systems even more important. Companies must take into account where employees work and how critical their positions are in terms of the company’s security.
Using DLP Systems in Personnel Security
Management should notify employees about new security controls. Employees must understand that data collected by DLP systems belongs to the information security field and sign documents indicating that they understand.
DLP makes it possible to prove, for example, that an employee sent documents and screenshots containing trade secrets to a competing organization. DLP systems can also help gather evidence proving an employee has used company equipment for personal gain.
Security teams tend to focus on the technical part of DLP systems and pay little attention to people. They should pay more attention to people because attackers are also people. Correctly interpreting their actions and taking timely preventive measures, with the help of precise DLP rules, will enable companies to establish effective countermeasures.
Many times, company culture dictates how an organization will use DLP. While vendors can assist with the choice of rules that help identify a problem’s origins and find solutions for it, many customers don’t share such information, either because it is top-secret or because a company’s security culture prohibits it. Few companies choose transparency. Most prefer to be as closed-off as possible.
Some DLP customers do not consider DLP as a living system that requires control rules to be regularly revised to solve new problems. They believe DLP is an automation tool that, once set up, never needs to be touched again.
How UBA and UBAE Can Help
Behavioral analytics, for instance, user behavior analytics (UBA) and user entity and behavior analytics (UEBA) can enhance DLP systems. Such systems allow companies to introduce an employee-rating system, which helps track risks and identify and prevent serious incidents.
UBA and UEBA can also help improve DLP by identifying violations and anomalies in business processes associated with the planned discrediting of the company or detecting the disloyal behavior of employees.
It is challenging to address these issues within the framework of a standard DLP because there are no clear security incidents associated with such events. New technologies make it possible to predict the development of various risky situations more accurately.
Learning to Work With DLP Systems
When implementing DLP, pay attention to the operators of DLP systems. This topic is quite hot, especially with the growing interest in outsourcing. DLP operators may encounter personal information and must understand their responsibility when dealing with this data.
7 Myths Surrounding DLP for Personnel Security
- It monitors employees and invades their privacy.
- DLP systems are expensive.
- DLP systems are complicated to install and it’s impossible to run it out of the box.
- People think DLP is difficult to work with and are afraid to use it.
- DLPs consume excessive resources. It’s often heard that they will “put down all the computers on the network,” or something similar to that.
- Vendors of DLP systems can use their customers’ data, creating risks for the company.
- DLP systems can, upon installation, provide security on their own.
Personnel security should be in the hands of responsible people. Companies often recruit former law enforcement officers, who understand the value of the collected information and have experience with the necessary tools, methods and scenarios to work with DLP. A person with basic economic security training is of little use to DLP.
Management should pay particular attention to training on DLP systems. Training takes place in specialized centers, where DLP vendors teach people how to work with their systems. The rest of the training takes place on the job.
Working Toward the Big Red Button
DLP customers always want to have a big red button that, with a single click, delivers immediate results. This is the ideal goal and DLP vendors are just starting to work toward it. They will reach that goal when DLP systems can process large arrays of complex data.
Much progress has been made, with an increase in the level of automation and widespread use of AI expected soon. Too, labor costs for the operation of DLP will decrease. It will be possible to identify incidents better and automate configuration and policy settings. The machine should do the main part of the work, with the DLP officer involved only in decision-making, not technical problems.
From the point of view of technical development, DLP will move toward integration with other security solutions. DLP is expected to move towards integration with DCAP, UBA and UEBA. Integration has already taken the first steps. For example, DLP logs are actively used in SIEM products to evaluate the correlation of events.
To sum it up, DLP systems in the future will only become more useful in managing personnel security.