10 questions about the DLP system: why do I need it, what can I do, and what can’t I do?

1. Why do we need to install a monitoring program? I trust my employees.

Trust works when you know each employee personally. Even in this case, there is the risk some employees will abuse the trust you put in them. When your staff counts with more than 50–100 people, there is a place for intrigue and fraud, information leakage, or a lot of incidents due to carelessness.

2. DLP is expensive. Does it pay off if we don’t have dark secrets?

The situation strongly depends on the specific DLP system and the vendor’s flexibility. Our software has a modular structure, and the implementation of the system can be increased as the business matures and its tasks become more complex. For those companies that can not yet assess the feasibility of purchasing software permanently (perpetual licenses), there is a solution to test it in the format of outsourcing.

3. How can I use DLP to control the computers of employees who work outside the office?

If employees work from home on corporate devices, then there are no problems with the organization of control. The only thing to do is to check the appropriate configuration of DLP and security policies, which will take into account the bandwidth and load of communication channels, as well as various “home” risks.

4. Can DLP control mobile phones?

No, it can not. In the context of the variables efficiency-invisibility-legality-cost mobile control remains an unsolved problem. The risk of information leakage through personal devices can be significantly reduced by using a set of technical and administrative measures. The most popular solutions are a complete ban on the use of gadgets at work, MDM/EMM solutions, and the installation of video surveillance cameras.

5. If employees find out that we are following them, can they sue us?

Don’t let this scenario happen. An employer must register the fact of control in writing and obtain consent from the employee. This will protect an employer from possible lawsuits and will be ethically correct. Upon request, we share sample documents with our customers.
The employee-employer relationship is regulated by the Labor code, which clearly states that the employee is obliged to work during working hours; that the employer has the right to demand the performance of labor duties; that if you organize working conditions, you can dispose of your property at your discretion. Moreover, by law, you are also required to monitor employees to protect personal data of customers, banking, and commercial secrets, as well as data in the industrial control system.

6. If employees know about control, does it make sense?

Yes, it does. The law does not oblige an employer to explicitly advertise what specific measures it takes to protect information. Our clients’ experience shows that if your risk manager does not make a fuss about every incident, employees very quickly stop focusing on control and return to their standard behavioral patterns.

7. Do we need a separate specialist to work with DLP? How much time will my employee spend working with your system?

It is advisable to have a risk mitigation specialist, who will be able to take care of a DLP system. Just “install and forget” equals squandering and will result in being disappointed in the software.

8. What is the load of DLP on the network and PC?

The load depends on where the DLP system processes and analyzes information: directly on the workstation or on the server. Some DLP systems are clumsy in this regard and assign “heavy” work only to the client part of the software.

9. Where are the guarantees that no one will get access to our information?

Our software does not have hidden features or spyware modules and does not transmit information outside the customer’s network. Numerous certificates and licenses, which you can find on our website, substantiate it. For now, we have more than 3000 customers and the trust of each is a value for us. We care about our reputation. Playing some “spy games” does not worth it.

10. What makes you better than other similar software solutions?

We can brag a lot, but no matter what we say, first, you need to test the software in your company. Give the software the maximum load, and examine DLP “pilots” from several vendors. As for our system, it is available for testing in full functionality for free. You can also test information security outsourcing.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alex Parfentiev

Alex Parfentiev

53 Followers

Leading Analyst at https://searchinform.com/, I’m here to address those human factor risks many businesses often neglect or aren’t even aware of