Data Loss Prevention (DLP)

See how OfficeKeeper can help you with DLP.

What is DLP?

Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.

The DLP term refers to defending organizations against both data loss and data leakage prevention. Data loss refers to an event in which important data is lost to the enterprise, such as in a ransomware attack. Data loss prevention focuses on preventing the illicit transfer of data outside organizational boundaries.

Organizations typically use DLP to:

  • Protect Personally Identifiable Information (PII) and comply with relevant regulations
  • Protect Intellectual Property critical for the organization
  • Achieve data visibility in large organizations
  • Secure mobile workforce and enforce security in Bring Your Device (BYOD) environments
  • Secure data on remote cloud systems

DLP: Preventing data loss from various sources

Causes of Data Leaks

Three common causes of data leaks are:

  • Insider threats— a malicious insider, or an attacker who has compromised a privileged user account, abuses their permissions and attempts to move data outside the organization.
  • Extrusion by attackers— many cyber attacks have sensitive data as their target. Attackers penetrate the security perimeter using techniques like phishing, malware or code injection and gain access to sensitive data.
  • Unintentional or negligent data exposure— many data leaks occur as a result of employees who lose sensitive data in public, provide open Internet access to data, or fail to restrict access per organizational policies.

Data Leakage Prevention

You can use standard security tools to defend against data loss and leakage.

OfficeKeeper helps prevent data leaks by:

  • Control access to external devices, external storage (USB, smartphone, HDD, disk…)
  • Block or alert the user to send out sensitive data by defining confidential identities (keyword, file type, file size, pattern…)
  • Control data sending via various applications (messaging app, web, cloud storage…)
  • Scanning for unauthorized data saved in user’s PC


This post is available in: viTiếng Việt enEnglish