Companies risk billions of dollars in revenue and lost productivity each year due to loss of sensitive or confidential data. The primary sources for this loss are email systems, removable media, and mobile computers. Eliminating these damaging vulnerabilities requires careful prevention policies and security software tools. This TechTip describes how even small and mid-sized business customers can implement basic data loss prevention schemes and policies, starting with Symantec Protection Suite Enterprise Edition and Symantec Endpoint Encryption. Protecting email Over 90 percent of data losses through email are inadvertent: for example, an employee mistakenly forwards a sensitive document to the wrong person, or a virus is introduced to the system by a trusted email correspondent without their knowledge. With the proper configuration of Symantec Brightmail Gateway, a key component of Symantec Protection Suite Enterprise Edition, customers can prevent the disclosure of sensitive email, block viral attacks, insure that email content meets regulatory requirements, and stop the dissemination of inappropriate content. Customers should make certain they are using Brightmail Gateway’s policy-based workflow templates to implement regulatory compliance and customizing email control through powerful exact data matching to protect sensitive company information. With exact data matching, customers can securely filter for the actual sensitive information they store in their internal databases, and not just the patterns and keywords that may indicate potential violations. Simple customization will check outgoing email to make sure it does not contain sensitive data or that data is not being sent to unauthorized parties that would cause regulatory violations. Protecting endpoint data Not only is more and more data being generated every day on a typical network, but much of that data is distributed widely on USB flash drives and other types of removable media. One way to control the proliferation of this data and prevent possible loss is to limit access to devices and applications to particular groups, device types, or user groups. Device and application control is a core component of Symantec Endpoint Protection, another part of Symantec Protection Suite Enterprise Edition that gives customers the option of restricting the use of removable media or applications such as optical drive copying software. Endpoint Protection, like Brightmail Gateway, will also protect against malware threats, preventing inbound intrusions into customer networks at the most vulnerable point – remote computers, laptops, and handheld devices. The next step in reducing the risk of data loss is encrypting data. Symantec Endpoint Encryption enables customers to encrypt both laptops and removable media and add two-factor authentication to accessing these devices. There are two reasons for automatic data encryption on endpoints: 1) to make sure sensitive, valuable data does not fall into the wrong hands, in the case of loss or theft, and 2) to protect the company from regulatory liability by making certain sensitive data protected by privacy regulations is not intercepted or inadvertently disseminated. Endpoint encryption is centrally administered and supports multiple encryption algorithms. Data is password protected for authorized users only, and the system provides extensive auditing capabilities and reports for potential compliance auditing. The entire Endpoint Security family of products is described in detail here. The next level Finally, regardless of the size of a company or corporation, customers who are involved in heavily regulated industries or are interested in a more comprehensive approach to data loss prevention should consider a complete data loss prevention product such as Symantec Data Loss Prevention, to add powerful content-aware protection that proactively identifies where confidential or restricted information is stored even before it is exposed to potential regulatory violations or security breaches. Regardless of the size or complexity of their network, Symantec customers can add multiple and incremental layers of protection against data loss by upgrading their Symantec products and following simple guidelines for protecting their data.