Best moments from “Hacking DLP” – CISO Series Video Chat

Here’s a quick, six-minute highlight video of our CISO Series Video Chat “Hacking DLP: An hour of critical thinking of how we can manage data loss when everyone is working from home.”

Our guests for this discussion were:

HUGE thanks to our sponsor Digital Guardian

Best Bad Ideas


Congrats to Ian Poynter, virtual CISO, Kalahari Security for winning this week’s Best Bad Idea!

Other honorable mentions go to:

“Inform your employees that all of their outgoing email will be delayed due to a new DLP review process performed by interns. To reduce implementation costs, don’t hire the interns and let the mail.” – Fred Gruhn, director, security + compliance, SMG – Service Management Group

“Since the 3rd definition of acronym DLP on Google is ‘DisneyLand Paris’, allow anyone dressed as a Mouse (or Hamster) to exfiltrate any data.” – Larry Rosen, manager, security advisory, Avanade

“Have all remote employees work without clothes or electronics to ensure they have nothing on them that could be listening or taking a picture.” – Ron Woerner, CEO, president and chief cybersecurity consultant, Cyber-AAA

“Set data retention to 1 hour, unless it is flagged otherwise.” – Ian Poynter, virtual CISO, Kalahari Security

Best Strategies

“Identify ‘DLP Champions’ in each department, preferably a tenured employee or manager, to garner buy-in and collaboration, and to provide user-level feedback to security to improve your solution.” – Brian Colt, information security engineer, DASH Financial Technologies

“Integrate Data Classification, Identification and Protection (DLP) as part of the overall Business Plan.” – Ron Woerner, CEO, president and chief cybersecurity consultant, Cyber-AAA

“TEACH your employees the business reasons to protect data since most want to do the right thing.” – Larry Rosen, manager, security advisory, Avanade

Quotes from the chatroom

“Employees should be involved in the DLP process to prevent social engineering attacks (including shoulder surfing).” – Jake Cozart, software engineer, Flybook Reservation Software

“If a user doesn’t like the defined retention, they will find a way to capture the record and keep it longer.” – Kate Schenker, information governance manager, GCI General Communication, Inc.