Data Leak Prevention

What is Data Leak Prevention?

Data Leak Prevention (DLP) is a set of security measures and technologies designed to prevent sensitive or confidential data from being leaked, intentionally or unintentionally, outside the organization's authorized boundaries.

When applied to email filtering, DLP helps detect and mitigate the risk of sensitive data being transmitted via email. Examples include a user accidentally sending employee or patient records to an external recipient because of a simple typo in an email address or, more darkly, the intentional scraping of internal records (client or vendor records, for example) for sale to a competitor, a media outlet, or on the dark web for potential attackers to use.

Data leaks are a reality for every organization. While most are unintentional, even those can be troublesome to get under control, considering the variety of places the data may have gone, especially to private citizens.

Instead of dealing with those headaches after the fact, UpStream offers prevention ahead of time with keyword-based rules that can outright delete, encrypt, redirect, quarantine, or blind copy such emails to a supervisor or system administrator. This not only stops a leak before it occurs but also automatically notifies the relevant data security personnel for remediation and retraining, if necessary.

In the event of an intentional data theft situation via email, these DLP alerts can mean the difference between a rogue employee escaping with the corporate memory and the attempt being intercepted and shut down before they’re able to get it off the ground.

How does Data Leak Prevention work?

Data Leak Prevention in UpStream works with Rule-Based Policies, wherein specific words, strings or expressions that are located in the Email Body or Email Headers can trigger certain actions to be taken against the email, such as deleting it outright, encrypting it before sending, redirecting it to another person or distribution list for review, quarantining it, blind copying another person or a few other more advanced options.

Common criteria specified in DLP policies include content like credit card numbers, Personally Identifiable Information (PII), Protected Health Information (PHI), social security numbers and organization-specific codes which may need to remain compartmentalized between departments or never leave the organization’s domain (i.e. never be sent to an external recipient).
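The following added example (not UpStream's rule engine or syntax) sketches how a rule-based policy of this kind can be evaluated: it pairs a card-number pattern with a Luhn checksum to cut false positives and only fires when a recipient is outside the organization. The domain `example.org`, the `PRJ-` code format, the rule names, and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.org"  # assumption: the organization's own domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card-like digit runs
PROJECT_RE = re.compile(r"\bPRJ-\d{4}\b")  # hypothetical internal code format

def luhn_ok(digits):
    """Luhn checksum: rejects order numbers and other arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_card_number(text):
    return any(luhn_ok(re.sub(r"\D", "", m.group()))
               for m in CARD_RE.finditer(text))

def external_recipients(msg):
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [a for _, a in addrs
            if not a.lower().endswith("@" + INTERNAL_DOMAIN)]

# (rule name, condition over headers and body, action); first match wins.
RULES = [
    ("card-to-external",
     lambda m, b: external_recipients(m) and has_card_number(b), "quarantine"),
    ("project-code-to-external",
     lambda m, b: external_recipients(m)
     and PROJECT_RE.search(m.get("Subject", "") + "\n" + b), "redirect"),
]

def evaluate(raw):
    """Return (matched rule, action) for a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    for name, condition, action in RULES:
        if condition(msg, body):
            return name, action
    return None, "deliver"

# Constructed sample messages (4111 1111 1111 1111 is a standard test number).
HDR = "From: alice@example.org\nTo: {to}\nSubject: {subj}\n\n{body}\n"
LEAK = HDR.format(to="bob@partner.example", subj="Invoice",
                  body="Card: 4111 1111 1111 1111, exp 12/30")
INTERNAL = LEAK.replace("bob@partner.example", "carol@example.org")
ORDER = HDR.format(to="bob@partner.example", subj="Invoice",
                   body="Order 1234567890123456 has shipped")
CODE = HDR.format(to="bob@partner.example", subj="PRJ-0042 status", body="See attached.")
```

The order-number message is delivered because its 16 digits fail the Luhn check, which is the kind of tuning that keeps a keyword or pattern policy from quarantining routine mail.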

Such policies are commonly used by business users to ensure they’re meeting PCI-DSS compliance for credit card information protection and by medical organizations of all sorts, including medical billing offices, for handling PHI of patients.

While DLP policies are generally meant to prevent data from getting “outside” of the organization via outbound filtering, they can also be used on inbound emails to deal with specific undesirable content, such as adult mailing lists that users signed up for with their business email address or other similar business policy violations. Rather than blocking such emails outright, the policies could be used by a Human Resources department as policy enforcement tools.

While many organizations will fit under an umbrella of such terms for easy HIPAA or PCI compliance, some organizations will need to customize their terms for their specific information. UpStream Support can help tailor the terms and policies according to your needs.

How does Data Leak Prevention help me?

DLP benefits can be broken out into five separate categories of protection, described below, but the short answer is that it is another component in a defense-in-depth strategy that is often unexplored: accidental release of data and what happens with that data post-exposure.

  1. Data Protection: DLP policies help organizations safeguard sensitive data and prevent unauthorized disclosure. By identifying and preventing data leaks, it mitigates the risk of financial loss, reputational damage, regulatory non-compliance, and potential legal liabilities.

  2. Compliance: DLP assists organizations in meeting regulatory requirements and industry standards related to data protection and privacy. It helps ensure that sensitive information is handled according to applicable regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).

  3. Intellectual Property Protection: DLP helps safeguard an organization's intellectual property by preventing unauthorized sharing of confidential documents, proprietary information or trade secrets. This ensures that valuable assets remain within the organization's control and reduces the risk of competitive disadvantage.

  4. Insider Threat Mitigation: DLP can detect and mitigate insider threats where employees may intentionally or accidentally leak sensitive data. By monitoring and controlling data transfers, organizations can identify and address potential insider risks, whether they stem from malicious intent or inadvertent mistakes.

  5. Enhanced Security Posture: Implementing DLP as part of an organization's overall cybersecurity strategy strengthens its security posture. It provides an additional layer of defense against data breaches, phishing attacks, or inadvertent data disclosures that may occur via email.

A simple DLP policy causing any email with the word “Clowns” in the message body to be redirected to a specific user.

A view of the different Filter Expressions that can be used to find the desired content in a more advanced manner.

A listing of the different actions that can be taken upon an email meeting the policy criteria. The same options are available for both inbound and outbound emails.