DATA LOSS PREVENTION – HERE'S HOW YOU CAN HELP
What is Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is a set of tools and practices used to ensure that sensitive information is not lost, misused, or accessed by unauthorized users. Since you use a computer for work, and most likely a home computer or smartphone for personal tasks such as banking or online shopping, there’s always data being sent, received, and stored on those devices. Some of this data belongs to you, and this should be a good enough reason to do your part in protecting it. Likewise, the work data you handle could be sensitive for the organization, or be personal health information belonging to British Columbians. In this case, you have a responsibility to do your part in protecting and preventing data loss at the hands of cybercriminals.
Risks from data loss
Did you know that sending data over unsecured networks (e.g. public Wi-Fi), or sending it to someone you’re not supposed to, is considered a major security concern? Why? Because security risks could result. For example, the loss of your personal data could result in identity theft. The loss of financial data could lead to fraudulent transactions. And the loss of patient health information could lead to the theft of a patient’s identity as well as damage to our organization’s reputation. That’s why DLP best practices exist.
Data Loss Prevention Best Practices
Though there are security tools and applications that exist to help protect your own personal data, and the data of those you’re responsible for, these technical solutions are not enough to offer full protection. That’s why YOU continue to play a critical role in cybersecurity. Here are four (4) best practices you can follow to help prevent data loss:
1. Don’t connect the unknown: Avoid connecting any unknown USB flash drives or storage devices to your computer. By plugging one of them in, you might inadvertently download a malicious piece of software designed to grant the attacker full access to your device and all of your data.
2. Be wary of phishing emails: Clicking on a link in a phishing email can send you to a website that is designed to steal the login credentials of your online accounts. This could then lead to the unauthorized access of data within those accounts. Likewise, clicking on a malicious attachment could result in the installation of malware on your device, allowing cybercriminals to steal your data or “lock” it up for ransom.
To learn how to identify phishing emails, check out our article: 6 Clues That Should Raise Your Suspicions.
3. Use two-factor authentication (2FA): If available, enable this for your online accounts. Two-factor authentication (2FA) requires that you provide two verification items (a.k.a. "factors") to gain access to a resource (e.g. an online account or a device). 2FA therefore provides an additional layer of security, making it harder for an attacker to gain access to your account because they will need more than your username and password.
PHSA, VCH, PHC, and FHA are currently using the two-factor authentication app, "Microsoft Authenticator". To learn more, visit the Microsoft Authenticator app on the IMITS Infocentre.
4. Public Wi-Fi is a no-go: Shopping malls, airports, and other public spaces are notorious for offering free Wi-Fi to their patrons. While complimentary Wi-Fi is convenient, many times these networks are unsecured, giving cybercriminals the opportunity to see and steal your data (e.g. passwords, credit card numbers, etc.) as it travels from your device to the websites you visit. Avoid using public Wi-Fi for sensitive tasks such as banking or work-related duties. If you’re working remotely and need to access the organization’s network, be sure to use a Virtual Private Network (VPN) to connect. For example, VCH, PHC, and PHSA all provide a Citrix VPN solution that you can use on your work laptop. For more information, visit VPN FAQs.
We have prizes to give away
Next week we’ll be launching another contest where you’ll have a chance to win prizes. There have already been several winners from across the organization. Contest details will be in next week’s Security Awareness article found in the weekly Operational News bulletins. Winners will then be announced on Tuesday, July 27th, and if you’re one of them, you’ll have until Friday, July 30th to claim your prize. Stay tuned as more details become available in future articles. Good luck!
Written by Joseph Tesoro, Education Awareness Specialist, Security Awareness Program and Sabrina Young, Education Awareness Specialist, Information Security.