Prohibit responsible employees
Posted: Thu Feb 13, 2025 6:30 am
A simple and effective practical solution in terms of technical counteraction to data leaks in the considered threat model comes down to three points:
— from transferring files of a certain type and size outside the white list of authorized recipients identified by the DLP system directly at the stage of transferring messages or files via email, messengers, or social networks. In this case, the facts of transfer must be recorded to ensure the possibility of further investigation of incidents.
— prohibit access to file-sharing resources, ftp servers, torrents, since their security model is usually based on the fact that all decisions about the methods and level of authorization, authentication and level of usa whatsapp data to data are made by the end user, and not the information security service, there is no feedback from such network applications to corporate security tools. It is also worth limiting the use of internal file-sharing resources (SMB) to avoid collusion between employees with different levels of control.
— limit the use of storage devices as much as possible, or use whitelists of USB devices with serial number control. Again, recording logging should be considered a mandatory factor. Here, it is also worth applying recording restrictions by file type and size.
When talking about control by file type and size, it should be remembered that such control should be based on binary signature analysis of data, and not on an extension that is easily changed by the user, while the simplest methods of masking files (placing them in archives and containers) should be detected and stopped.
— from transferring files of a certain type and size outside the white list of authorized recipients identified by the DLP system directly at the stage of transferring messages or files via email, messengers, or social networks. In this case, the facts of transfer must be recorded to ensure the possibility of further investigation of incidents.
— prohibit access to file-sharing resources, ftp servers, torrents, since their security model is usually based on the fact that all decisions about the methods and level of authorization, authentication and level of usa whatsapp data to data are made by the end user, and not the information security service, there is no feedback from such network applications to corporate security tools. It is also worth limiting the use of internal file-sharing resources (SMB) to avoid collusion between employees with different levels of control.
— limit the use of storage devices as much as possible, or use whitelists of USB devices with serial number control. Again, recording logging should be considered a mandatory factor. Here, it is also worth applying recording restrictions by file type and size.
When talking about control by file type and size, it should be remembered that such control should be based on binary signature analysis of data, and not on an extension that is easily changed by the user, while the simplest methods of masking files (placing them in archives and containers) should be detected and stopped.