Data Loss Prevention (DLP) - Top 6 Key Strategies for Preventing Data Theft

28 Feb 2025, by Slade Baylis

In our previous article from last month we covered the aspects of Data Loss Prevention (DLP) concerned with preventing passive threats from causing data loss for your organisation.  We talked about accidental deletion, hardware issues, and even environmental issues that can be a threat to the integrity of your data, as well as the best ways you can protect yourself from each of these types of threats.  In this article, we’ll instead focus on the more nefarious threats to your data, in particular that of cyberattacks that would seek to steal your data - either to sell it, ransom it back to you, do damage to your organisation, or all of the above!

In a lot of ways this type of threat is much more important to protect yourself from, as not only does it come with added legal and regulatory challenges, but the people carrying it out actively work against you in a type of cybersecurity arms race.  This means that if you don’t actively take steps to ensure you’re secure, you are potentially leaving the door wide open for any malicious cybercriminal that tries to get access to your data. 

What is Data Loss Prevention?

At the most basic level, Data Loss Prevention (DLP) is simply the act of using tools, techniques and technologies to shield data from being lost, damaged, misused, or stolen.  It encapsulates many different aspects of your organisation, including your approach to backups, asset management, hardware acquisition, cybersecurity, physical security, access control, training, and more.

Preventing data theft – Ensuring that others don’t have access to your data

In addition to passive threats to your data (such as accidental deletion or hardware failure), the other form of data loss that is extremely important to consider and defend against is that of malicious threats.  This includes cyberattacks in the form of the ever-more-sophisticated and ever-evolving phishing attacks which target an organisation's staff members. Unfortunately, on top of the expected external cybersecurity attacks and potential resulting data breaches, malicious attacks can also derive from intentional misuse by staff.   

Each of these threats requires its own prevention strategy.  This includes business decisions about how infrastructure should be configured, where it should be located, the policies and systems that are in place to prevent unauthorised access to data, as well as the ongoing practices that are in place to ensure that staff are adequately knowledgeable and trained.

1. Physically protect your hardware

In the age of public cloud resources that can be leased on a moment-to-moment basis as needed, it can be easy to think of data as being stored in some ethereal form, but data always exists somewhere physically.  So with this in mind, it still holds true that the data that you store on your systems is only as secure as the hardware that it’s physically stored on.

That’s why it’s important to consider the location that your servers and infrastructure will be stored within. Whilst it can be convenient to use hardware stored at your own premises, analysing the physical security of your premises might reveal that it’s not as secure as you believe it to be.  For instance, is your location monitored 24/7?  What physical barriers exist between your hardware and the outside world, should a nefarious third-party want to gain access to them?

It’s for this reason that many choose to host their services off-site and within a data centre.  Because they focus and specialise in colocating services for clients, data centres are often able to implement much higher standards of security than most organisations would be able to achieve on their own site.  For more information and examples of this, check out our article “The physical protection of data - The different ways we protect your systems”, which details measures we take to ensure our clients’ hardware and the data on it are secure.

2. Make sure each endpoint has anti-virus / EDR software

Whilst it’s a general and fairly common security tip, it’s vital that you ensure your endpoints are all secured with anti-virus, or alternatively EDR, security software.  It’s an important step for making sure you’re protected against cyberthreats that could lead to data breaches, because without it, not only would you not be notified of an infection, but that infection could spread to any other devices or servers that the endpoint connects to.

This isn’t just important for your infrastructure and services, but also for any of the devices that staff will use to access and administer them.  With the rates of remote or hybrid work arrangements having increased in recent years, this can extend to the devices they use whilst outside of the office.  It’s for this reason that we highly recommend issuing staff that work remotely with devices that are secured with remote management and anti-virus / EDR software.

Specifically, EDR solutions are the preferred option that we recommend to our clients, as they help protect against modern threats using behavioural detection, unlike the older approaches used in anti-virus software.  For more information on this, check out our article “With 80% of malware evading antivirus applications, signature-based protection isn’t enough anymore”.

3. Use appropriate security appliances

The appliances and security services set up on the perimeter of your infrastructure play a key role in the prevention of data theft.  With most data breaches first requiring that one of your endpoints be compromised, any security service that provides added protection and reduces the chances of a successful breach can help with DLP (Data Loss Prevention).

This includes a variety of services and appliances, such as:
  • Firewalls – These prevent unauthorised access to your servers and systems, as well as enable secure connections to systems via VPNs (Virtual Private Networks).
  • WAF (Web Application Firewalls) – These prevent the misuse and exploitation of vulnerabilities within internet-accessible applications.
  • WAS (Web Application Scanners) – These scan and detect potential vulnerabilities and issues within your applications.
  • Vulnerability Scanners – These scan and detect potential vulnerabilities and configuration issues with your servers and infrastructure, as well as let you know what specific exploits you may be vulnerable to.
  • Asset Management and Vulnerability Management Services – These monitor your hardware and the software that’s deployed onto it, deploy security patches and updates, as well as give you visibility and control over your systems remotely.

Each of these types of services is worth considering, so you can determine whether it’s appropriate for your environment and worth the cost of implementing and maintaining.

4. Implement Access Controls

Ensuring that only authorised people have access to sensitive data is key to ensuring it’s secure.  It is for this reason that organisations must make sure Role-Based Access Control (RBAC) is in place, ensuring that only authorised staff have access to data.  In addition, configuring additional layers of security - such as placing sensitive systems on secured local networks, requiring staff to connect via VPN before accessing them – can greatly increase how secure those systems are.

Access control is all about ensuring that only authorised people have access to data.  However, consideration should be given to how best to confirm the identity of anyone requesting access.  Configuring and requiring Multi-Factor Authentication (MFA) is a great way to provide added assurance that the person logging into any system is in fact the person they are claiming to be.  MFA systems require that users not only provide login credentials, but also authorise the request via one other alternate means, such as entering a code provided via SMS, email, or an MFA app on their phone.

By using MFA, you gain added protection against the threat of authorised staff members having their login credentials stolen and then used to give an unauthorised individual access to your data.
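To illustrate the two controls in this section together, here is an added example (not code from Micron21 or any product) of a deny-by-default access check in Python: access is granted only when the password check passed, the code from the MFA app is valid, and the user's role grants the requested permission.  It assumes the MFA app generates TOTP codes (RFC 6238); the roles, users, secrets and the `password_ok` flag are made up for the example.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample data (assumptions for this example, not from the article).
ROLE_PERMISSIONS = {
    "finance": {"payroll:read"},
    "helpdesk": {"tickets:read", "tickets:write"},
}
USERS = {
    "alice": {"role": "finance", "totp_secret": "JBSWY3DPEHPK3PXP"},
    "bob": {"role": "helpdesk", "totp_secret": "KRSXG5CTMVRXEZLU"},
}

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) code for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, at, step=30, window=1):
    """Accept the current time step and +/- `window` steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, at + d * step, step).encode(),
                            str(submitted).encode())
        for d in range(-window, window + 1)
    )

def authorise(user, permission, password_ok, mfa_code, at=None):
    """Deny by default: password, MFA code and role must all check out."""
    at = time.time() if at is None else at
    record = USERS.get(user)
    if record is None or not password_ok:  # password check is assumed done elsewhere
        return False
    if not verify_totp(record["totp_secret"], mfa_code, at):
        return False  # stolen credentials alone stop here
    return permission in ROLE_PERMISSIONS.get(record["role"], set())
```

A login with the correct password but no valid code is refused, and a fully authenticated user is still refused anything their role does not grant.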

5. Ensure your data is encrypted

Ensuring that your data is encrypted will provide you with yet another barrier should a cybercriminal get access to the data stored within your systems, as it does not allow them to successfully access and utilise that data.  This form of protection is called encryption “at rest” and is something that we highly recommend.

Another form of encryption is encryption “in transit”, which is to say the encryption of communication when data is being moved from one location to another.  For example, when looking to create external backups of your data, it is extremely important to ensure that the data is encrypted in transit.  This ensures that even if the data is intercepted or accessed without authorisation, it remains unreadable and secure.

6. Employee Training and Awareness

When it comes to ensuring your systems and data are secure, training is extremely important for ensuring your staff are up to date with your internal policies, and to help them understand the importance of following them.  Without adequate training, policies that would otherwise protect you, could be ignored or forgotten, opening up a potential avenue of attack on your organisation.

Ongoing and up-to-date training is especially important for threats that will target staff directly, such as phishing threats.  With the development and wider adoption of AI in the cybercrime space, these types of threats are evolving and will continue to evolve.  For example, AI voice cloning is now an actively used technique for phishing attacks. If your staff are not aware of this style of attack, they will have no chance to spot it or defend themselves against it.  And with AI now being used to improve the grammar and appearance of the previously typical forms of phishing attacks, such as phishing emails or messages on social media, it is imperative that you keep your staff up to date and informed as to what the latest threats are.

What should you do if you are breached?

Well ahead of time, it’s critical that you have two important plans in place, just in case the worst should occur.  A well-defined Business Continuity Plan (BCP) outlines the steps that the people within your organisation need to follow for business continuity.  Separately, but still closely related to your BCP, is a well-defined Disaster Recovery Plan (DRP), which outlines the steps you will need to take in order to recover data and restore systems.

More information on what BCPs and DRPs are, and what you should include in them, can be found in our previous article “What are Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?”.  We highly recommend you read this article to ensure that you’re well prepared beforehand, rather than scrambling to act afterwards!

Have any questions about the best ways to protect your data?

If you have any questions about protecting your data from loss or theft, let us know!  We can provide advice on the best ways to protect your data from more benign threats, such as hardware failure, all the way through to those malicious cyberattacks that are hell-bent on taking you down.

You can reach us by phone on 1300 769 972 (Option #1) or via email at sales@micron21.com.
