Data loss prevention is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It can help your organization monitor and protect sensitive information across on-premises systems, cloud-based locations, and endpoint devices. It also helps you achieve compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR). When it comes to security data, following information protection and governance best practices is critical Information protection places controls (for example, encryption) around sensitive data, while information governance determines its lifecycle (how long an organization retains the data). Together, they help your organization understand, safeguard, and govern its data.

Encryption. Plaintext is transformed into unreadable cipher-text (more simply, data is converted into code) to prevent unauthorized access.

When adopting a data loss prevention solution, it’s important to do thorough research and find a vendor whose solution is appropriate for your needs.

It is very likely that you are using these face-detection routines already: Did you ever wonder how the camera in your mobile phone is so good at auto-focusing on the faces of people? Turns out, your camera is using pre-trained face detection machine learning models to put everyone in focus.

Explore how data protection requirements are changing and learn three steps to help modernize the way you protect your data.

While reviewing your photo, you can adjust the redacted areas: Add new, remove, or edit existing ones. This is your chance to completely eliminate all PII from your photo:

Encryption. Maintain the confidentiality and integrity of your data by ensuring that only authorized users can access data while it’s at rest or in transit.

Loss PreventionOfficer

If you do not enable Smart camera features in your mobile app, face redaction as described in this article will not happen.

Document the deployment process. Ensure your organization has procedures to follow, reference material for new team members, and records for compliance audits.

Loss preventionsecurity

This post explores the use of a Smart Assistant to help you redact human faces from a photo taken with the Survey123 mobile app. Familiarity with XLSForm and Survey123 Connect is assumed.

Knowing what data you have and how it’s used across your digital estate makes it easier for your organization to identify unauthorized access to data and protect it from misuse. Classification means applying rules for identifying sensitive data and maintaining a compliant data security strategy.

A DLP solution gives you visibility into the sensitive data within your organization and helps you see who might be sending it to unauthorized users. Once you determine the scope of actual and potential issues, further customizations can be made to analyze data and content to strengthen your cybersecurity measures and DLP efforts.

Data classification. Identify which data is sensitive and business critical, then manage and protect it across your environment—wherever it lives or travels.

Malware, or malicious software—including worms, viruses, and spyware—is often disguised as a trusted email attachment or program (for example, an encrypted document or file folder). Once opened, it allows unauthorized users into your environment who can then disrupt your entire IT network.

You can configure Survey123 image questions to help you redact faces from your photos. Face redaction will happen right on your device, even if offline and before any data is sent to your ArcGIS organization.

Loss preventionexamples

Loss Preventiontraining

The Add Smart Redaction to your Survey help topic describes a few more parameters you can use: You can control the redaction effect (pixelate, blur, blockout or a custom symbol), hide and show labels in the live camera preview, and the scale and color of the redaction boxes.

Ransomware is a type of malware that threatens to destroy or block access to critical data or systems until a ransom is paid. Human-operated ransomware that targets organizations can be difficult to prevent and reverse because the attackers use their collective intelligence to gain access to an organization’s network.

Establish roles and responsibilities. Clarify who’s accountable, who needs to be consulted, and who needs to be informed regarding activities related to your DLP solution. For example, your IT team must take part in the deployment so that they understand the changes being made and are able to resolve issues. It’s also important to separate responsibilities so that those who create policies can’t implement them, and those who implement policies can’t create them. These checks and balances help thwart the misuse of policies and sensitive data.

Loss PreventionServices

Reporting. Customized DLP reports may contain policy matches, incidents, and false positives. Reporting helps you identify the accuracy of your DLP policies and refine them as needed.

Security education and awareness. Teach employees, executives, and IT teammates how to recognize and report a security incident and what to do if a device is lost or stolen.

DLP benefits begin with the ability to classify and monitor your data and include improving your overall visibility and control.

A data breach can cost your organization millions of dollars, damage its reputation, and affect its revenue stream for years. A data loss prevention solution helps your organization:

Discover how to identify and help prevent risky or inappropriate sharing, transfer, or use of sensitive data on-premises and across apps and devices.

Infrastructure and cloud security. Security for your hardware and software systems to help prevent unauthorized access and data leaks from your public cloud, private cloud, hybrid cloud, and multicloud environments.

You likely take photos when using Survey123: to report incidents, inspect assets or document your work. Now, are these photos allowed to contain personally identifiable information? Some regulations such as CPRA, CCPA, VCDPA and GDPR qualify human faces as personally identifiable information (PII). The presence of PII in your photos limits their use and how you secure and manage them.

Phishing is the act of sending fraudulent emails on behalf of reputable companies or other trustworthy sources. The intention of a phishing attack is to steal or damage sensitive data by tricking people into revealing personal information such as passwords and credit card numbers. They can target a single person, a team, a department, or an entire company.

Loss Preventionjobs

Technically speaking, what I describe in this article uses face-detection routines included with iOS and Android devices.  These routines leverage, depending on your operating system, pre-trained machine learning models from Apple and Google.

Information security (InfoSec) refers to the security procedures that protect sensitive information from misuse, unauthorized access, disruption, or destruction, including both physical and digital security. Key elements of InfoSec include the following:

Cloud access security broker (CASB) software. Enforce your security policy between enterprise users and cloud service providers to mitigate risk and maintain regulatory compliance.

Data loss prevention is a combination of people, processes, and technology that works to detect and prevent the leakage of sensitive data. A DLP solution uses things like antivirus software, AI, and machine learning to detect suspicious activities by comparing content to your organization’s DLP policy, which defines how your organization labels, shares, and protects data without exposing it to unauthorized users.

Get governance, protection, and compliance solutions for your organization with Microsoft Purview. Visit the Purview website to learn how to improve visibility, manage your data securely, and go beyond compliance while safeguarding your data across platforms, apps, and clouds.

Unintentional exposure occurs when employees unknowingly allow access to unauthorized users or viruses. Identity and access management tools help organizations control what users can and can’t access, and helps keep your organization’s important resources—like apps, files, and data—secure.

A DLP policy defines how your organization shares and protects data without exposing it to unauthorized users. It helps you comply with government regulations, protect intellectual property, and improve visibility into your data.

Even better, try adding this instead: redaction=@faces&cameraPreview=true  This will blur faces once the photo is taken and also while in the live camera preview.

Automated classification gathers information, such as when a document was created, where it’s stored, and how it’s shared, to improve the quality of data classification in your organization. A DLP solution uses this information to enforce your DLP policy, which helps prevent sensitive data from being shared with unauthorized users.

Loss preventionin retail

Data threats are actions that can affect the integrity, confidentiality, or availability of your organization’s data, while a data leak exposes your sensitive data to untrustworthy environments.

Every organization must adhere to data protection standards, laws, and regulations like HIPAA, the Sarbanes-Oxley (SOX) Act, and the Federal Information Security Management Act (FISMA). A DLP solution gives you the reporting capabilities you need to complete compliance audits, which may also include having a data-retention plan and training program for your employees.

According to Apple and Google, these face detection routines do not send your photos to their respective clouds. That is, face-detection happens on your device. In case you want to learn more, here is the relevant privacy statement from Google. For Apple, check their Device Analytics & Privacy and Data & Privacy statements.

Disaster recovery. A plan for re-establishing your technological systems after a natural disaster, cyberattack, or other disruptive events.

Define your security requirements. Help protect your organization’s intellectual property and your employees’ and customers’ personal information.

Understanding these options and how they work with your DLP solution can help jumpstart your journey to more secure data.

Incident response. How your organization responds to, remediates, and manages the aftermath of a cyberattack, data breach, or another disruptive event.

With data threats, it’s a matter of when they’ll happen, not if they’ll happen. Choosing a DLP solution for your organization requires research and planning, but it’s time and money well spent to protect the sensitive data, personal information, and reputation of your brand.

As described above, the face detection features used by Survey123 are powered by APIs from Apple and Google. By default, access to these API's is disabled, but you can enable it as follows:

User behavior analytics. Make sense of the data you gather about your systems and the people using them. Flag suspicious behavior before it leads to a data leak or security breach.

As you can see, the smart assistant helps you get started with the PII redaction process. Smart Assistant will blur all the faces it can find in your photo. You can then manually redact other information as appropriate to your workflow.

Customize your DLP solution to scan all data flowing through your network and block it from leaving the network by email, being copied to USB drives, or other means.

Loss Preventionsalary

Note: Once you exit the redaction dialog, your photo will not be editable from the Survey123 mobile app anymore. Redacted areas are not recoverable. That is, you cannot restore an area that has been redacted.

Cryptography. Algorithm-based communication security to ensure that only the intended recipients of a message can decipher and view it.

Software. Control who accesses and shares data in your organization. Establish policy controls to detect and prevent unauthorized data transfers, sharing, or leaks.

To trigger face redaction on an image question, add redaction=@faces to the bind::esri:parameters column of your image question.

Insiders are people who have information about your data, computer systems, and security practices, such as employees, vendors, contractors, and partners. Misusing authorized access to negatively impact the organization is one example of an insider risk.

To keep threats at bay, you need to monitor who has access to what and what they’re doing with that access. Prevent insider breaches and fraud by managing the digital identities of employees, vendors, contractors, and partners across your network, apps, and devices. Role-based access control is one example of providing access to only the people who need it to do their jobs.

A cyberattack is a deliberate, malicious attempt to gain unauthorized access to computer systems (business and personal) and steal, modify, or destroy data. Examples of cyberattacks include distributed denial-of-service (DDoS) attacks, spyware, and ransomware. Cloud security, identity and access management, and risk management are a few ways to protect your network.

If removing PII from photos is important to you, Survey123 Smart Assistants may be of help. Read on, learn, and experiment. Then discuss with your colleagues how well, or not, this technology is useful to your workflows.

Insider risk management software. Pinpoint which employees may be accidentally leaking data and uncover malicious insiders who are intentionally stealing sensitive information.

Depending on how you configured your image question, automatic face redaction will occur after you take the photo, or also before you take it, while in the live camera preview. Either way, after you press the camera shutter button, your photo will be presented so you can review it. The review process is key.

A DLP solution is essential to your risk reduction strategy, especially when it comes to securing endpoints like mobile devices, desktop computers, and servers.