Data Loss Prevention Policy Template

January 14, 2022

Today, data is more available, more transferable, and more sensitive than ever. The best way to stop data leaks is to implement a Data Loss Prevention (DLP) solution. DLP enforces an automated corporate policy, which can identify and protect data before it exits your organization.

Many tools, including dedicated DLP tools, email servers, and general-purpose security solutions, offer DLP policy templates. These templates can help you easily create DLP policies that define which organizational content should be protected by a data loss policy. For example, DLP can ensure that content identified by the policy is not transmitted to external individuals, modified, or deleted.

What is a DLP policy?

Data loss prevention (DLP) safeguards the information of an organization and stops end users from leaking sensitive data outside the network. Network administrators use DLP tools to track data shared and accessed by end users. DLP tools can protect and classify data, while DLP policies outline how organizations should implement these tools.

DLP software classifies the confidential and essential data of an organization. The software isolates violations of policies, as defined by a predefined policy pack or by the organization. Regulatory compliances such as PCI DSS, HIPAA, or GDPR generally shape these policies. Once the software identifies violations, DLP remediates with encryption, alerts, and other measures to stop end users from inadvertently or maliciously exposing the data.

Data loss prevention tools scan endpoint activities, and monitor data in the cloud to safeguard data at rest, in use, and in motion. They also filter data streams on organizational networks. An organization can use DLP reporting functions to ensure they adhere to auditing and compliance requirements, and to isolate abnormal activity and areas of weakness in their organization. This helps with incident response and forensics.

Why it is important to have a DLP policy

Data security prevents hostile attacks on an organization. But employees have many ways to share and access distributed organizational data, making inadvertent data loss a pressing concern.

Employees, business partners, contractors, and other third parties can also pose a threat to the organization when they steal or accidentally leak company data. For example, employees may fall victim to social engineering attacks, which highlights the need for ongoing employee security awareness training. These insider threats present a large risk to businesses today.

Data storage is now more accessible via remote locations and cloud services. Malicious actors can access the data from poorly secured phones and laptops.

There are three key reasons for having a data loss prevention policy:

1. Compliance

Company policies are guided by mandatory compliance standards specified by governments and industry regulators, such as SOX, HIPAA, and PCI DSS. These standards outline how an organization should safeguard personally identifiable information (PII) and other sensitive data.

A DLP policy is the first stage in compliance, and helps provide accurate reporting for audits. Typically, DLP tools are designed for the requirements of a particular industry’s common standards.

2. Intellectual property

Trade secrets and other intangible assets, including organizational strategies and customer lists, might be of greater value than physical assets. Losing this kind of information may result in financial and reputational damage, misappropriation, criminal penalties, and legal action.

3. Data visibility

With the growing movement towards digitization, sensitive information is found on devices such as servers, laptops, network shares, cloud storage, databases, USB drives, and mobile devices.

A DLP policy can help organizations learn how stakeholders and end users use sensitive information. An organization can better safeguard its information when it has visibility over what data exists, where it resides, who uses it, and for what purpose.

Best practices for creating a successful DLP policy

Although no protection is absolute, best practices can help your organization implement a successful data protection policy.

  • Identify data that requires protection — Determine which information needs protection by classifying, prioritizing, and interpreting data according to its sensitivity and risk factors.
  • Understand how to assess vendors — Establish a framework of relevant questions so you can make an informed purchasing decision.
  • Specify the roles of all parties involved — Define each individual's role so that responsibility for data is clear and misuse is harder.
  • Monitor data movement — Understand how data is used and identify behavior that puts data at risk. Use this knowledge to develop policies that mitigate the risk of data loss and ensure appropriate data use.
  • Involve leadership — Management buy-in is crucial to the success of DLP. Policies are worth little unless they can be applied across the organization. Department heads should create a data loss prevention policy that fits the corporate culture.
  • Educate the workforce — Employees are often seen as the weak link in data loss prevention, yet executives frequently do not prioritize security training. Invest in helping stakeholders and users of data understand the policy and why it matters.
  • Use metrics to determine success — Measure DLP success with metrics such as the number of incidents, the percentage of false positives, and the average time to respond. Data loss prevention metrics show how effective your policy is and the return on your investment.

DLP policy templates for common enterprise tools

Data loss prevention policy templates use DLP data identifiers and logical operators (AND, OR, NOT) to create condition statements. Only data or files that meet a certain condition statement will fall within the confines of a DLP policy.

For example, a DLP policy can specify that a file belongs to the sensitive “employment contracts” category if it meets all of the following criteria:

  • Must be a Microsoft Word file (file attribute)
  • AND must contain certain legal terms (keywords)
  • AND must contain ID numbers (defined by regular expression)
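The condition statement above, implemented as an added example (not code from the original post or from any DLP vendor): three data identifiers, a file attribute, a keyword list, and a regular expression, ANDed into one policy. The legal keywords, the employee ID format (three letters, a hyphen, six digits) and the sample documents are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed rule set for the "employment contracts" category (example code,
# not any vendor's policy format). Each DLP data identifier is one condition;
# the policy ANDs all three, exactly as the three criteria above do.
LEGAL_KEYWORDS = ("non-compete", "severance", "termination clause", "probationary period")
# Constructed employee ID format: three letters, a hyphen, six digits (e.g. EMP-123456).
ID_NUMBER_RE = re.compile(r"\b[A-Z]{3}-\d{6}\b")
WORD_EXTENSIONS = (".doc", ".docx")


@dataclass
class Match:
    category: str
    matched: bool
    details: dict = field(default_factory=dict)  # which identifiers fired, for the audit trail


def is_word_file(filename: str) -> bool:
    """File-attribute identifier: the file must be a Microsoft Word document."""
    return filename.lower().endswith(WORD_EXTENSIONS)


def find_legal_terms(text: str) -> list:
    """Keyword identifier: returns the legal terms present (case-insensitive)."""
    lowered = text.lower()
    return [kw for kw in LEGAL_KEYWORDS if kw in lowered]


def find_id_numbers(text: str) -> list:
    """Regular-expression identifier: returns every employee ID number found."""
    return ID_NUMBER_RE.findall(text)


def classify_employment_contract(filename: str, text: str) -> Match:
    """Condition statement: Word file AND legal terms AND ID numbers."""
    word = is_word_file(filename)
    terms = find_legal_terms(text)
    ids = find_id_numbers(text)
    matched = word and bool(terms) and bool(ids)
    return Match("employment contracts", matched,
                 {"word_file": word, "legal_terms": terms, "id_numbers": ids})


# Constructed sample content (in a real deployment the text comes from a file parser).
SAMPLE_CONTRACT = ("Employee EMP-204817 accepts a probationary period of 90 days and "
                   "the non-compete obligations in Schedule B.")
SAMPLE_MEMO = "Reminder: the probationary period policy is on the intranet."
```

The `details` dictionary records which identifiers fired, which is what an analyst needs when triaging a hit or tuning a false positive.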

DLP policies on Microsoft Exchange

Microsoft Exchange offers DLP policy templates that can help safeguard organizational data stored and transmitted via an Exchange server.

They can help you manage PCI DSS and GLBA data, and US PII. DLP policies are built on traditional mail flow rules and support their full scope, and you can add more rules after establishing a DLP policy.

Prerequisites for creating Microsoft Exchange DLP templates:

  • Set up the Exchange server
  • Configure the user and administrator accounts, and check the transport pipeline to ensure you can send emails to external email clients. For more details read this document.
  • Receive permission from the security team or relevant authorities to create a DLP policy.
  • DLP requires an Exchange Enterprise Client Access License (CAL).
  • In hybrid environments where certain mailboxes are in on-premises Exchange and some are in Exchange Online, DLP policies are only applied in Exchange Online.

Examples of available DLP templates in Exchange:

| Policy template | Examples of information the template is used to detect and protect |
| --- | --- |
| PCI Data Security Standard (PCI DSS) | Debit card or credit card numbers |
| U.K. Data Protection Act | National insurance numbers |
| U.S. Health Insurance Portability and Accountability Act (HIPAA) | Social security numbers and health information |
| U.S. Personally Identifiable Information (PII) Data | U.S. PII, for example, social security numbers or driver’s license numbers |
| France Data Protection Act | Health insurance card number |
| Canada Personal Information Protection Act (PIPA) | Passport numbers and health information |
| Australia Privacy Act | Financial data in Australia, including credit cards and SWIFT codes |
| Japan Personally Identifiable Information (PII) Data | Driver’s license and passport numbers |

See all templates provided by Exchange server.

How to create a DLP policy from a template using the Exchange Admin Center (EAC):

1. In the EAC, navigate to Compliance Management > Data Loss Prevention, then click Add.

2. The Create a New DLP Policy from a Template page appears. Fill in the policy name and description, select the template, and set a status — whether you want to enable the policy or not. The default status is Test Without Notifications.

3. Click Save.

DLP policies in Symantec Data Loss Prevention

Symantec Data Loss Prevention offers policy templates you can use to safeguard organizational data. You can import and export policy rules and exceptions as templates, which lets you share policies across environments and systems.

| Policy template | Selected example | Example description |
| --- | --- | --- |
| US Regulatory Enforcement | HIPAA and HITECH (including PHI) | Enforces the US Health Insurance Portability and Accountability Act (HIPAA) |
| General Data Protection Regulation | General Data Protection Regulation (Digital Identity) | Protects personally identifiable information connected to digital identity |
| International Regulatory Enforcement | Caldicott Report | Protects UK patient information |
| Customer and Employee Data Protection | Employee Data Protection | Detects employee data |
| Confidential or Classified Data Protection | Encrypted Data | Detects the use of encryption using different methods |
| Network Security Enforcement | Password Files | Detects password file formats |
| Acceptable Use Enforcement | Restricted Files | Detects file types that may be inappropriate to send out of the company |
| Policy template import and export | Policy template import and export | You can import and export policy templates to and from the Enforce Server, share them across environments, archive legacy policies, and version existing policies |

See all Symantec DLP templates here, organized into the categories above.

To create a DLP policy from a template in Symantec Data Loss Prevention:

  1. Add a policy from a template. See this help article.
  2. Choose the template you want to use. The Manage > Policies > Policy List > New Policy – Template List screen lists all policy templates.
  3. Click Next to configure the policy.
  4. Choose a data profile (if prompted), edit the policy name or description (optional), select a policy group (if necessary), and edit the policy rules or exceptions (if necessary).
  5. Save the policy and export it.

DLP policies in IBM BigFix

IBM BigFix is an end-to-end security solution for endpoints that also covers Data Loss Prevention. IBM BigFix’s Core Protection Module (CPM) provides predefined templates:

  • GLBA: Gramm-Leach-Bliley Act
  • SB-1386: US Senate Bill 1386
  • HIPAA: Health Insurance Portability and Accountability Act
  • PCI DSS: Payment Card Industry Data Security Standard
  • US PII: United States Personally Identifiable Information

Templates are provided as XML files, which you can import to apply the template. BigFix also lets you create your own templates, once you configure DLP data identifiers.

How to import and use a pre-built DLP template in IBM BigFix:

  1. Navigate to Endpoint Protection > Configurations > Data Protection > DLP Settings Wizard > Template Management.
  2. On the screen that appears, type a name for the template, enter a description, and select data identifiers.
    You can add new expressions to match content you want to allow or disallow, create a list of file attributes, and create a keyword list. Each definition should be joined to the others with a logical operator.
  3. Click Save.

For more details see this support article from IBM.

Complementing DLP with advanced security analytics

DLP solutions can monitor data flows and secure organizations against known threats. However, attackers and malicious insiders constantly find new ways to compromise systems and steal data, many of which cannot be captured by DLP policy rules. This gap is addressed by a newer type of security tool called User and Entity Behavior Analytics (UEBA).

UEBA tools establish baselines for the behavior of users, applications, and network devices. They use machine learning algorithms to identify abnormal activity for an entity or group of entities, without having any predetermined rules or patterns. This complements DLP by alerting about data-related incidents that did not match any DLP policy rule.
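A simplified illustration of the complementary point made above, added here as an example (not Exabeam's or any product's code): a static per-transfer DLP size rule never fires on a user who exfiltrates data in many small uploads, while a per-user baseline flags the day as anomalous with no predefined pattern. The daily byte counts and the upload sizes are constructed sample data, and the z-score stands in for the machine-learning models real UEBA tools use.

```python
import statistics

# Constructed sample: daily bytes each user sent to external destinations over a
# 14-day baseline window, then one day to score. The baseline is per user, so a
# normally busy user is not flagged just for being busier than a quiet one.
BASELINE = {
    "alice": [120_000, 95_000, 130_000, 110_000, 99_000, 125_000, 115_000,
              105_000, 118_000, 122_000, 101_000, 113_000, 109_000, 117_000],
    "bob": [40_000, 38_000, 45_000, 42_000, 39_000, 41_000, 44_000,
            40_000, 43_000, 37_000, 42_000, 46_000, 39_000, 41_000],
}
# Today bob sent 79 separate 5 KB uploads: 395 KB in total, but no single transfer
# is large enough to trip a per-file DLP size rule.
BOB_TRANSFERS_TODAY = [5_000] * 79
TODAY = {"alice": 114_000, "bob": sum(BOB_TRANSFERS_TODAY)}


def dlp_size_rule_hits(transfers, limit=1_000_000):
    """A static DLP rule: flag any single transfer above the size limit."""
    return [t for t in transfers if t > limit]


def anomaly_score(value, history):
    """Z-score of today's value against the user's own baseline (mean and spread)."""
    mean = statistics.fmean(history)
    stdev = statistics.pstdev(history)
    if stdev == 0:  # no variation in the baseline: any change is a deviation
        return 0.0 if value == mean else float("inf")
    return (value - mean) / stdev


def score_users(today, baseline, threshold=3.0):
    """Return {user: z} for users whose activity is >= threshold standard deviations
    above their own baseline; the rule-free analogue of a UEBA alert."""
    flagged = {}
    for user, value in today.items():
        z = anomaly_score(value, baseline[user])
        if z >= threshold:
            flagged[user] = round(z, 1)
    return flagged
```

Running `score_users(TODAY, BASELINE)` flags only bob, while `dlp_size_rule_hits(BOB_TRANSFERS_TODAY)` returns nothing, which is exactly the class of incident the DLP rule alone would miss.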

For an example of a UEBA system that can protect against data breaches from insider or unknown threats, learn more about Exabeam Advanced Analytics.
