Comment on [deleted]
ITeeTechMonkey@lemmy.world 2 months ago
I hate to say it but company data is most definitely on personal computers.
This is why stuff like adaptive MFA and DLP are a thing. What most people don’t know is if DLP is properly implemented the IT team/department have records of who, when, where, and what device were used to not just access/download data/files.
The problem is a lot of companies don’t properly implement DLP because it’s not a turn key solution. You need to properly classify your data first and that requires essentially a company wide audit with buy-in from all levels of management. After the classifications you can then implement restrictions and compensating controls.
Back in the day you could just block USB/network transfer, but if you have data accessible outside of a corporate network you then need to implement conditional access/adaptive MFA where only registered devices are permitted to access certain systems.