DLP, Prevention Is Better Than A Cure

Author: Bhaskar Bakthavatsalu
Country Manager, India and SAARC of Check Point Software Technologies
Data loss occurs every day through corporate email. In fact, given the sheer number of emails an organization sends every day, data loss incidents via email are bound to happen easily and frequently. Common email mistakes include auto-filling the wrong email address, attaching a different file than the one intended, or sending out sensitive data that really shouldn’t be emailed.

Anyone within an organization could potentially cause a data breach, at any time and in a matter of seconds. What’s even more worrying is that employees may not actually realize what they’ve done until after the email has been sent. Unfortunately, it sometimes only takes one such incident to damage a businesses’ reputation and result in loss of customers.

Protecting People against Their Mistakes

A CSO from a large organization recently confessed to me that a substantial part of his time is spent trying to protect users from their own mistakes. This was no surprise to me. When it comes to securing a key business tool such as email, companies should think about educating employees even before deploying any technological net.

Our research found that about 90 percent of data loss incidents are unintentional errors, with no malicious intent. Most of the time, such incidents happen quite innocuously and result from very simple actions, such as an employee sending a file to their personal Web mail account, so they can work on the document from home. Although the employee has good intentions, such practice is often against corporate policy and could turn into a data breach for the company. The majority of data loss is caused by employees’ simple mistakes, with no malicious intent, so why not give them more responsibility to help avoid future leaks?
So, how can businesses efficiently prevent data incidents from happening? Involving individual employees in the corporate security process is the only viable approach to avoid data loss incidents. It is also the only way to turn a DLP solution into a truly preventative tool - as opposed to a reactive tool. For businesses, proactively educating users about the potential security issues that can arise from seemingly innocuous actions, like sending an email and reinforcing their overall DLP awareness, will provide the first and ultimate shield against data breaches.

Let’s take a closer look at this user-focused approach to DLP and how it could work.

Taking Control

First of all, in order to increase the user awareness, an effective DLP solution will alert the user before they can send a suspicious email that may cause a loss incident.
Let’s take the scenario of an employee who has composed an email, addressed it, and clicked on the ‘send’ button. A useful DLP solution should analyse the body of the email with its attachments compared with a set of pre-defined characteristics to identify potentially sensitive data. This could include, for example, certain key words in the email body text such as ‘financial’, ‘report’, ‘specifications’, ‘confidential’, and so on. In addition, file types such as spreadsheets or presentations with financial data, confidential records, or even some strategic material may need to be carefully scrutinized.

Once the DLP solution detects a potential breach based on this analysis, it will override the ‘send’ instruction and present the user with a pop-up alert to inform them of the potential data loss and ask how they wish to proceed. The user will have to decide whether they: a) want to send the email and its attachment(s) as it is; or b) realise that they have made a mistake and correct the body text or remove the suspicious attachment(s). There should also be the option for the user to leave a brief explanation as to why they overrode the DLP solution’s alert.

Decision Points

But what happens if, after seeing the pop-up alert, the employee decides to send the email anyway, resulting in data loss? The DLP solution keeps records of all of the user’s actions, of the fact that he or she was alerted, as well as the justifications they provided, giving an audit trail for subsequent analysis and review. This establishes a clear chain of events when reviewing the data-loss incident, which will come in very handy for internal review and external compliance purposes.

The system aims to increase the users’ responsibility, to encourage them to review what they plan to send, and help them correct any digressions from the company’s security policy before a data loss incident occurs.
Preventing Loss, Gaining Benefits
To summarize, the benefits of this DLP system fall into two main areas:

First, and most importantly, companies can significantly reduce the number of data loss incidents upon deployment. As employees experience the DLP solution in action, they will learn more about data loss, how it typically occurs and how to avoid it. This encourages adherence to company security policies. Over time, pop-up alerts to users will most likely decrease as users become more conscious and increasingly aware of the types of activity that triggers an alert.

Second, engaging the users in the data-loss prevention process will directly benefit the organization, by reducing the burden of day-to-day security management from IT staff. The majority of decisions about whether content can be sent or not, is taken by users directly - a sharp contrast to previous-generation DLP solutions that require IT staff to check every email flagged as a potential risk. Eventually, empowering the user enables IT teams to concentrate on more strategic tasks, instead of getting bogged down in email approvals.

When it comes to preventing data loss in the corporate environment, technology alone is not the answer, but it can be used as a safety net. Technology, when combined with educating users to become more aware of the impact of their actions, is the best method for minimizing the overall security risks. After all, the old adage had it right: Prevention truly is better than a cure.
Previous  article
Next article
Write your comment now

Email    Password: 
Don't have SiliconIndia account? Sign up    Forgot your password? Reset
Reader's comments(5)
1: Mr Bhaskar Bhaktavatsalu--
I read your above piece.My computer was opened by our rivals who deleted my important documents from my computer and I am helpless.
I lost a lot of important Data.I have written an article " Prevention is better than Cure " but not getting applicable in my Case as people are scared of some big giants who r troubling me.Made a complaint to Police still they have no shame.Any suggestions what I must do?
Posted by: VIJAYA SHESHGIRI SHANBHAG - Wednesday 05th, October 2011
2: From: Mrs. Mary David

This mail may be a surprise to you because you did not give me the permission to do so and neither do you know me but before I tell you about myself I want you to please forgive me for sending this mail without your permission. I am writing this letter in confidence believing that if it is the will of God for you to help me and my family, God almighty will bless and reward you abundantly. I need an honest and trust worthy person like you to entrust this huge transfer project unto.

My name is Mrs. Mary David, The Branch Manager of a Financial Institution. I am a Ghanaian married with 3 kids. I am writing to solicit your assistance in the transfer of US$7,500,000.00 Dollars. This fund is the excess of what my branch in which I am the manager made as profit last year (i.e. 2010 financial year). I have already submitted an annual report for that year to my head office in Accra-Ghana as I have watched with keen interest as they will never know of this excess. I have since, placed this amount of US$7,500,000.00 Dollars on an Escrow Coded account without a beneficiary (Anonymous) to avoid trace.

As an officer of the bank, I cannot be directly connected to this money thus I am impelled to request for your assistance to receive this money into your bank account on my behalf. I agree that 40% of this money will be for you as a foreign partner, in respect to the provision of a foreign account, and 60% would be for me. I do need to stress that there are practically no risk involved in this. It's going to be a bank-to-bank transfer. All I need from you is to stand as the original depositor of this fund so that the fund can be transferred to your account.

If you accept this offer, I will appreciate your timely response to me. This is why and only reason why I contacted you, I am willing to go into partnership investment with you owing to your wealth of experience, So please if you are interested to assist on this venture kindly contact me back for a brief discussion on how to proceed.

All correspondence must be via my private E-mail ( for obvious security reasons.

Best regards,
Mrs. Mary David.
Posted by: mary lovely david - Monday 26th, September 2011
3: Hi my dear,
My name is Mounace, i would like to establish a true relationship with you in one love. please send email to me at ( i will reply to you with my picture and tell you more about myself. thanks and remain blessed for me,
Your new friend Mounace
Posted by: mounace love love - Thursday 09th, June 2011

I am pamela by name,am friendly and good looking young girl , I want us to
be friends, for friendship can not be seen or even touched because true
friendship does not matter with anything but it must be felt within the
Wow, friends are like clothes, without them we feel naked! I guess I''m
right? Looking forward to a wonderful response from you.i saw your profle here (

Contact me ( that i will send some of my pictures
to you so that we shall continue from there to know eachother.

I will be waiting to hear from you soonest.

pamela CoolSmile.
Posted by: pamela teamah littlepame - Wednesday 18th, May 2011
5: This is my very first time here, really good looking blog. I discovered a lot of interesting stuff within your blog especially it's discussion. From all the remarks on your posts, it looks like this is really a extremely popular site. Keep up the good work.
Posted by: liu mei feng - Tuesday 22nd, February 2011
More articles
by Kaushal Mehta - Founder & CEO, Motif Inc..
The retail industry is witnessing an increased migration of customers from traditional brick and mortar retail to E-commerce (online retail)...more>>
by Samir Shah - CEO, Zephyr .
You probably do because you are on the phone with them! For all of you working in some technical management capacity here in Silicon Valley,...more>>
by Raj Karamchedu - Chief Operating Officer, Legend Silicon .
These days are a mixed bag for me. Of late I have been considering "doing something bigger and better," in my life, perhaps seriously though...more>>
by Madhavi Vuppalapati - CEO of Prithvi Information Solutions .
IT Services Rise of Tier II companies The Indian IT outsourcing industry is going through very exciting phase in its business life...more>>
by Pradeep C- CEO, Edista Testing Institute.
Software Testing sure does present a great opportunity for growth for major Indian IT Service Providers. With 70 percent of the worldwide ou...more>>