Many businesses invest heavily in Data Loss Prevention (DLP) systems that prevent users from intentionally or accidentally leaking sensitive data. But a recent incident at Heathrow Airport highlights the challenges. An unencrypted USB stick containing security arrangements from the queen and other information was found on a street by a man in West London.
While this leak, reported by the BBC, seems to be accidental, it’s exactly the sort of incident DLP systems are meant to prevent. While there’s no discussion of what measures, if any, the airport authority had in place many security leaders I’ve spoken with highlight the challenges of such systems. While some sorts of data are easy to to catch in email – think of passport numbers, credit card data and similar information that has a distinct structure – some data is very hard to categorise and, therefore, identify.
And, there’s little that can be done if someone delivberately wants to steal data from inside a business or if an authorised person makes a silly mistake.
Solid policies and procedures, backed with repeated and well-executed user education are still one of the most powerful tools you have to protect your data.