The goal of traditional data loss prevention tools (DLP) is to stop confidential data from leaving the organization. If an insider accidentally (or intentionally) bypasses DLP protection, however, there’s not much they can do. Once the data is out there, it can be shared, copied or published, and there’s very little you can do about it.
Virtru Data Loss Prevention — a standard part of Virtru Pro — has a number of standard features to catch emails and attachments that breach business privacy or compliance before they leave your organization. However, its integration into Virtru Pro email encryption allows it to transcend the limits of traditional DLP solutions. Your company can move beyond perimeter defense, and adopt a strategy that safeguards data, wherever it goes.
What is Data Loss Prevention – Tools to Safeguard Email
Like other data loss prevention tools, Virtru DLP scans emails for data patterns based on preset or customized rules set by the administrator. If it finds those patterns, it triggers one or more actions to prevent data loss, safeguard compliance or facilitate mitigation. Those actions include:
By scanning multiple email fields, Virtru DLP can prevent a wide range of attacks. It can search the recipient fields (to, CC and BCC) for either a recipient’s address or domain. For example, a government organization like Columbia County could use the data loss prevention tool to automatically encrypt all emails sent to the sheriff for CJIS compliance.
Virtru can also scan the text and body of emails for keywords, as well as data types, such as Social Security numbers. This can be used to detect information governed by compliance rules, such as HIPAA Protected Health Information (PHI), or to detect words like “client” or research that may indicate confidential information.
Because Virtru DLP can pop up warning messages, not only can it prevent a breach, but it also educates the sender. Workers can learn from their mistakes without causing a breach, or click through in the case of a false positive. Administrators can also identify and meet with users who have been repeatedly triggering certain rules, or review the content of automatically forwarded emails.
But Virtru’s biggest benefits over other DLP solutions occur once your message leaves your computer.
Perimeter DLP Solutions Can’t Stop 3rd Party Interception
Traditional data loss prevention tools leave you vulnerable to a malicious 3rd party, who can grab your email in transit. DLP software typically works on the organization’s email server. Encryption is only applied after scanning (if at all). If the sender encrypts the message before sending, DLP can’t scan it. If the organization encrypts it after scanning, however, it’s at risk of being intercepted as an unencrypted email before it reaches the server.
Virtru DLP scans and encrypts before the message leaves the sender’s computer and only decrypts it once the sender opens it, keeping it safe along its entire journey. This means no unauthorized parties or service providers (including Virtru) ever have access to message content. This makes Virtru an ideal choice for CJIS compliant email, and other compliance regimes that require data to be encrypted any time it leaves the perimeter.
Virtru also solves an even greater flaw in data loss protection tools: the lack of universal two-way encrypted email. Typically, users can only send encrypted emails to recipients who have installed and configured the same type of email encryption ahead of time. With Virtru, you can send emails and attachments to anyone. Recipients without Virtru installed can quickly click through to the Virtru Secure Reader, allowing them to read the message, send an encrypted reply and even attach files.
Unlike other data loss prevention tools, this allows you to protect client privacy in both directions. Workers can send confidential records and clients can provide tax documents and other personal information, all over email. This eliminates the inconvenience of secure client portals and the risk posed by using an insecure communication channel for day-to-day correspondence.
Other Data Loss Prevention Tools Can’t Stop Breaches After You Hit “Send”
Data loss prevention software can catch mistakes, but no program is perfect. Employees can still inadvertently share data with the wrong recipients and not realize it until after hitting “send,” with costly consequences. Virtru email encryption goes beyond other data loss prevention tools by allowing users to recall an email at any time — even after it has already been read.
When a recipient clicks to open a Virtru message, their Virtru client contacts the Virtru key server to request the message key. If you hit the Revoke Message key, it tells Virtru to deny access, preventing the recipient from opening the message (or opening again, if they’ve already read it).
This feature is complemented by Virtru Read Receipts, which records when the recipient opens a message. If you revoke a message before it’s opened, Virtru provides proof that there has been no breach, potentially saving you from costly compliance violations and legal liability. .
Virtru Data Loss Prevention Tools Reduce the Risks of Sender Mistakes
Most DLP solutions can’t do anything to prevent the recipient from accidentally or purposely exposing data. However, Virtru provides data loss prevention tools to limit risk by limiting the recipient’s access. Have a message you don’t want shared? Turn on Disable Forwarding before you hit send. Want to share time-sensitive information without leaving a permanent record in your recipient’s inbox? Set an expiration date on the message before sending — access will be automatically revoked after the specified date.
These settings (along with Revoke) can be activated or changed at any time, provided the message is encrypted with Virtru. Just find the message in your Virtru Dashboard, click on the message, and select the relevant setting. Gmail users can also locate and change permissions in their sent mail folder.
Virtru Protects IP and Holds Recipients Accountable
Data loss prevention tools are good at preventing inadvertent breaches, but usually can’t stop intentional leaks. If high-security government intelligence organizations can fail at insider threat detection, anyone can.
The good news is, you can significantly reduce the likelihood of a breach by holding workers responsible for the IP in their possession, using Virtru PDF Watermark. When you watermark a PDF with Virtru Pro and send it as an attachment, the file is encrypted and marked with the recipient’s email address. The recipient can read it in Virtru’s secure reader, but won’t be able to download it. If they forward it, the new recipient’s name will be watermarked on it, making it easier to detect where a breach originated.
By default, PDF Watermark files can only be forwarded once, decreasing the likelihood that the file will be shared with inappropriate recipients. Watermarking also supports disable forwarding to prevent sharing entirely.
PDF Watermark complements your other data loss prevention tools by limiting what the recipient can do with a file and who they can share it with. This makes it invaluable for protecting IP such as recordings, screenplays, and product designs.
DLP Solutions That Go Anywhere Your Data Does
It only takes one click to breach valuable intellectual property or expose confidential customer information. Your data loss prevention tools need to be able to safeguard your data in the cloud, where it is most at risk. However, tools alone aren’t enough without a well-designed DLP strategy. Use these resources to learn more:
6 Businesses Needing Data Loss Prevention Best Practices
4 DLP Security Best Practices for Email
Data Protection and Confidentiality with Virtru’s HIPAA Compliance Rule Pack
Data Loss Protection: Safeguarding Trade Secrets