Educause Security Discussion mailing list archives

Re: Data Loss Prevention (DLP)

From: Eric Lukens <eric.lukens () UNI EDU>
Date: Wed, 15 Feb 2017 08:59:44 -0600

Many students also provide their sensitive data via email when applying for
jobs, typically small to mid-size places. While employers shouldn't do
that, it happens all the time.

-Eric

On Tue, Feb 14, 2017 at 6:05 PM, James Valente <jvalente () salemstate edu>
wrote:

We're running Identity Finder (now Spirion Sensitive Data Manager, but we
haven't updated yet) on a few endpoints and it has helped to purge any
sensitive docs students have left on public workstations.

We had also previously enabled DLP on our Barracuda's outbound queue. That
worked immensely well for catching data with SSNs and CC numbers that
should not have been going out.  However, because student email was flowing
through the Barracuda, we had to disable it temporarily because it was
flagging, and quarantining, every email where a student or employee was
emailing their own tax information.  While this isn't a recommended or safe
practice, our concern is primarily employees emailing data belonging to the
University, students, or employees (other than the sender).


--James
------------------------------
*From:* The EDUCAUSE Security Constituent Group Listserv [
SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Jeff Borton [
jborton () SCHOOLCRAFT EDU]
*Sent:* Monday, February 13, 2017 16:02
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Data Loss Prevention (DLP)

Just wondering if there is anyone using Data Loss Prevention technology as
part of their security arsenal.



If so what product are you using?  Has the product actually prevented any
exfiltration.



*Jeff Borton*

*Executive Director of Information Security & Networking*

*jborton () schoolcraft edu <jborton () schoolcraft edu>*

*734.462.4446*



[image: cid:image002.png@01CF177E.5A2F4840]
<http://www.schoolcraft.edu/maps/livonia.asp>



CONFIDENTIALITY NOTICE: This message and any included attachments are from
Schoolcraft College and are intended only for the addressee. The
information contained in this message is confidential and any unauthorized
forwarding, printing, copying, distribution, or use of such information is
strictly prohibited and may be unlawful.




-- 
============================================================
Eric C. Lukens       IT Security Compliance & Policy Analyst
Information Security          Innov Teaching & Tech Ctr 117D
University of Northern Iowa       Cedar Falls, IA 50614-0301
(319) 273-7434                   http://www.uni.edu/elukens/
============================================================

Current thread:

Data Loss Prevention (DLP) Jeff Borton (Feb 13)
- Re: Data Loss Prevention (DLP) McCrary, Barbara (Feb 13)
- Re: Data Loss Prevention (DLP) James Valente (Feb 14)
  - Re: Data Loss Prevention (DLP) Eric Lukens (Feb 15)
    - Re: Data Loss Prevention (DLP) Frank Barton (Feb 15)
    - Re: Data Loss Prevention (DLP) James Valente (Feb 15)
    - Re: Data Loss Prevention (DLP) Jeff Borton (Feb 15)
  - Re: Data Loss Prevention (DLP) Jeff Borton (Feb 21)