Protect Your Valuable Data from Insider Threats with DLP
Apr, 30, 2020
NetDocuments recently released its Data Loss Prevention (DLP) capability for general availability; but what is this feature, exactly?
DLP is a risk-based information governance strategy aimed at protecting your information assets from internal threats. While DLP is a strategy, it is also a label that describes a category of software tools used to enforce such a strategy, which is what NetDocuments has developed: a DLP product that protects the sensitive information stored in your NetDocuments repositories.
DLP mitigates risks that come from various internal threats, including careless, naïve, or malicious employees. And, while you may not be inclined to think that these threats are common in your workplace – the data shows otherwise.
According to the American Bar Association, 26% of law firms suffered data breaches in 2018. Of those firms, 87% had already used cybersecurity tools. Insider attacks are rapidly on the rise as well, with a 2019 showing an 11% increase year over year and a 67% increase over five years. At the same time the frequency of insider breaches is on the rise, so is the average cost of a data breach. According to the consulting firm Ponemon, the average cost of rose to $11.45 million in the last two years.
So, how do we help firms mitigate these risks? NetDocuments DLP policies constrain the actions that an authorized user can take on a document within the NetDocuments platform. In other words, the rights assigned to a user declare whether they are authorized to view, edit, share or administer a document, but the DLP policy constrains whether they can print it, attach it to an email, or copy it to a CollabSpace.
In addition to greater security, one of the most important parts of DLP is that its implementation is highly flexible and can be tailored to your needs. Policies are created by your NetDocuments Administrator, who can add rules constraining specific actions by specific users. Policies can be applied directly at the cabinet level, against a profile attribute such a client or matter, or at the document level by a user who has Administrator rights to the document. Alternatively, document Classifications can be created, with each Classification mapped to a DLP policy. This is particularly useful if your organization is already used to a specific set of document classifications such as Public, Private, or Confidential.
So, how can DLP help your organization and your role? We’ve outlined a few of the many ways below.
For CIOs, DLP helps:
- Strengthen your security strategy by enhancing the tools available to your organization to restrict information access and sharing
- Limit the options to hackers for exfiltration of information if they get through perimeter defenses
- Fit well with other technologies as part of a holistic approach to data security
For Information Governance Directors, you’ll enjoy DLP because it:
- Addresses the organizational risk appetite and provides mitigation strategies
- Mitigates against the insider threat risk
- Allows the firm to comply with regulatory requirements regarding limitations on information access, use, or transfer
For the Legal practitioner:
- DLP policies allow offer meaningful protection without impeding information flows critical to your work
- Enhance operational practices by applying different DLP policies to for example:
NetDocuments DLP is a flexible solution for providing additional security to protect against insider threats to your data, and mitigating the risks of malicious, careless or accidental exfiltration of information from your repository.
For more information, click here or call (866) 638-3627.