Data Loss Prevention for Financial Services

TrueDLP™ provides data loss prevention tools for financial services firms (including banks, credit card companies, and credit-reporting institutions) to address compliance with regulations protecting Personally Identifiable Information (PII), as governed by the Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), Federal Deposit Insurance Corporation (FDIC), Gramm-Leach-Bliley (GLBA), Federal Information Security Management (FISMA) and Federal Trade Commission (FTC) guidelines.

Assess Risk of Loss of Personally Identifiable Information

TrueDLP™ provides robust mechanisms to detect and analyze PII and other confidential data throughout the entire enterprise network including cloud storage and endpoint devices.

  • Identify and prioritize risks relating to the handling of information requiring protection.
  • Classify all users authorized to handle particular documents that carry both identity (a customer name or ID) and specific account information, and where that information may be stored or communicated.

Apply Controls for Compliance with Specific Regulations

TrueDLP™ provides capabilities to scan all digital documents and to monitor the entire enterprise network from mobile devices to servers in the data center or in the cloud. Typical Financial Services applications of TrueDLP™ illustrate a broad range of protection:

  • Ensure PII is encrypted before being transmitted across open, public networks
  • Restrict access to unprotected Primary Account Numbers (PAN) with other unencrypted customer information
  • Continuously assess controls on PII by examining daily, weekly, monthly and trend reports on incidents involving any regulated data
  • Measure Customer Account Information leaving the organization via email
  • Discover unencrypted PII stored on SANs, in databases, on SharePoint, or on workstations

Train Workforce on PII Security Policies

TrueDLP™ may be deployed to prevent user actions that put an organization handling PII at risk. Moreover, these preventive actions may be tailored to educate the users responsible for handling sensitive information. Typical applications of this capability include:

  • Prompt a user for justification anytime customer account records are copied to USB Mass Storage devices
  • Notify a user when a file containing regulated data is attached to an email leaving the organization
  • Notify the appropriate administrator when a file containing regulated data is copied to an unprotected share

Measure Effectiveness of Security Policies

TrueDLP™ provides reports that are particularly easy to generate, so the effectiveness of security policies and procedures for protecting important data can be assessed continuously, periodically, or on demand. This enables administrators to focus on areas of concern before they become problems and allows the organization to be prepared for any requests for audits by the Payment Card Industry, the FDIC, and other regulatory bodies. Common measurements for a financial organization might include:

  • Track the effectiveness of controls by inspecting every communication leaving the organization to a branch office for the presence of PII
  • Monitor where PII is sent once it leaves the organization
  • Get Daily, Weekly, and Monthly reports measuring incidents of interest and potential loss trends

Additional Resources

For more information on Code Green Networks' solution for financial services, check out these resources: