Now, we're going to talk about some steps that you can take to successfully implement your data loss prevention plan.
1. Identify Key Participants – Assemble those who should be involved internally when you identify data loss. Participants may include IT, HR, and Operations employees. Identify the individuals and meet with them to work out which situations they will need to be involved in.
2. Develop Notification Process – Do you have processes ready if a regulated data breach occurs? Who will be notified? Is your legal or compliance team ready to meet requirements such as breach notification laws? Get your compliance people in the loop and have them write the process with you.
3. Fix Broken Business and Weak Processes – Assume that you will find broken business processes, like automated file transfers to partners in clear text over the internet instead of encrypted or over a private line. You’ll spend time getting these fixed.
4. Create a Plan for Handling Theft – Talk with HR to establish a process if you uncover insider theft. Give HR a heads-up and involve them in the roll-out. The insider may be at a senior level, so consider that as well.
5. Establish the Response Team and Workflow – Map out your incident handling and resolution process as a flowchart. Who will be on the incident handling team? In larger organizations you might have: a first-level reviewer (who makes sure each incident is properly classified with the right severity; typical in large enterprises), IT, Security, Compliance, HR.
6. Set a Timeline for Incident Resolution – Set goals for making sure incidents are handled in a timely manner:
- First level review of all incidents within x amount of time
- Resolve all high severity incidents within y amount of time
- Close all incidents within z amount of time (for example, resolving incidents within 2 hours).
7. Establish Reporting and Automate – How are you going to track things? Decide what reports you’ll need to have and who should get them. Set up scheduled reports so that you know what is happening and that your team is resolving incidents within your timeline. Reports for:
- Incidents Created
- Incidents Closed
- Open Incidents Status – by age, severity, owner
- A report sorted by the type of data or by policy that was violated
- Summary reports for your CSO or execs
8. Plan Roll-Out Stages – It’s important to plan your roll-out in stages rather than trying to attack the problem all at once.
- Select data and policies to be implemented in stages, e.g. first the customer billing database for PCI violations, then the next set of data and policies for state privacy regulations, then company IP data and policies.
- Roll out and test your policies in monitor-only mode to set a baseline. But you have to be prepared for a significant breach to happen. That’s why we advise people to anticipate data loss and prepare for it in advance.
- Decide when you will have the solution notify end users and what you expect of them. Use this for user education about your policies on data handling. You can expect to see the number of incidents drop as users are notified on each violation. Set up your reporting ahead of time so you can track that drop.
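As an added example (not code from the original post), here is a small Python tracker for the step-6 timeline goals and the step-7 reports, run over a constructed incident queue of the kind a DLP console exports. The 4-, 24- and 72-hour SLA targets are assumed values standing in for x, y and z, and the policy, severity and owner fields are assumptions about what the console records.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed SLA targets: the post leaves x, y and z for each organisation to set.
SLA_REVIEW = timedelta(hours=4)         # first-level review of every incident
SLA_HIGH_RESOLVE = timedelta(hours=24)  # resolve high-severity incidents
SLA_CLOSE = timedelta(hours=72)         # close every incident

@dataclass
class Incident:
    id: str
    policy: str    # policy violated, e.g. "PCI", "State privacy", "Company IP"
    severity: str  # "high", "medium" or "low", assigned by the first-level reviewer
    owner: str
    created: datetime
    reviewed: Optional[datetime] = None  # when first-level review was completed
    closed: Optional[datetime] = None    # None while the incident is still open

def sla_breaches(inc, now):
    """Step-6 timeline goals this incident has missed as of `now`."""
    elapsed = (inc.closed or now) - inc.created  # open incidents keep aging
    checks = [("review", (inc.reviewed or now) - inc.created > SLA_REVIEW),
              ("high-resolve", inc.severity == "high" and elapsed > SLA_HIGH_RESOLVE),
              ("close", elapsed > SLA_CLOSE)]
    return [name for name, missed in checks if missed]

def reports(incidents, now):
    """Step-7 reports: created, closed, open by age/severity/owner, by policy, SLA misses."""
    open_inc = [i for i in incidents if i.closed is None]
    return {
        "created": len(incidents),
        "closed": sum(1 for i in incidents if i.closed is not None),
        "open_by_severity": dict(Counter(i.severity for i in open_inc)),
        "open_by_owner": dict(Counter(i.owner for i in open_inc)),
        "open_by_age_days": dict(Counter((now - i.created).days for i in open_inc)),
        "by_policy": dict(Counter(i.policy for i in incidents)),
        "sla_breaches": {i.id: m for i in incidents if (m := sla_breaches(i, now))},
    }

NOW = datetime(2024, 1, 10, 12, 0)
def h(n): return NOW - timedelta(hours=n)  # constructed sample: n hours before NOW
SAMPLE = [
    Incident("INC-1", "PCI", "high", "alice", h(30), reviewed=h(29)),
    Incident("INC-2", "State privacy", "medium", "bob", h(6)),
    Incident("INC-3", "Company IP", "low", "alice", h(120), reviewed=h(119), closed=h(72)),
    Incident("INC-4", "PCI", "medium", "alice", h(96), reviewed=h(95)),
]
```

Scheduling `reports(SAMPLE, NOW)` against a live export gives the summary for your CSO and flags which open incidents have already blown the timeline.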