Step No. 7: Prevent electronic messaging data leakage
A good starting point for securing sensitive corporate data is to protect against data leakage via messaging (e-mail, Web mail, instant messaging, etc.). Routing e-mail through an intelligent message processor can help to actively protect sensitive data. Using a single message processor platform with a set of applications (instead of individual point solutions) can provide easy-to-manage, coordinated policies for the following:
1. Content analysis for identifying and stopping sensitive information from leaving your company. This can include document decomposition for decoding proprietary document formats, descending into compressed or container files, document fingerprint matching for identifying whole or partial files, etc. This is useful in preventing the spread of rumors of impending layoffs, distribution of sensitive documents for employee "backup" purposes, theft of intellectual property by an exiting employee and other similar activities.
2. Directory-driven corporate governance policy enforcement for limiting distribution of information in accordance with policies and information audits.
3. Message tracking to gain insight into sender, recipients and content of flagged materials for audit purposes.
4. Policy-based encryption to protect outbound, sensitive materials using any of the policy methods described earlier to safeguard data in transit.
Even if your company is not facing a round of layoffs, these best practices can be used to help protect and manage your organization's sensitive data. While no technology is completely foolproof against employee data leakage, most violations are caused by employees who either inadvertently or unknowingly send sensitive information.
Don't be discouraged by the amount of work required to implement all of these suggestions. There is no better time to develop a plan to address your current data protection weaknesses. Start implementing the practices just outlined by creating policies and procedures, and identifying and protecting your most likely avenue for data loss, leakage and corruption.
Prior to Sendmail, Gregory began his professional career as a systems administrator for Worcester Polytechnic Institute (WPI) after graduating from WPI with a degree in Computer Science in 1992. Gregory is a FreeBSD committer, has served as program committee member for BSDCon 2002 and program chairman for BSDCon 2003. In addition, he has contributed to the past three editions of the O'Reilly Sendmail book. He can be reached at firstname.lastname@example.org.