With the revelations in the past couple of months of network intrusions at retailers and other enterprises, one can be excused for thinking organizations have no defences.

Not true. Layered defences, including encryption of highly sensitive data, can go a long way toward cutting down the risk of data loss.

A guest security manager’s column for ComputerWorld U.S. outlines another possible strategy: installing a data loss prevention (DLP) solution on the network and on endpoints.

DLP on the network can identify a lot of suspicious activity, the writer – who uses a pseudonym – says. However, in a company with a number of branches, each of which has its own Internet connection, traffic can only be watched where there’s a network monitor.

So his company tried endpoint DLP. One advantage is that it monitors branch traffic before encryption. Another is that it can detect when data is being loaded onto external media like a USB drive.

And indeed, both the network DLP and the endpoint software caught an employee copying 3GB of files and employee directories to a thumb drive.

It’s an interesting example of how the technology can work and worth thinking about, particularly if your enterprise has a lot of sensitive data.

