30 data security experts discuss the best policies on BYOD and how to prevent a breach.

Learn about advanced persistent threats, including how they work and how to recognize signs of an APT attack.

Cloud computing brings critical convenience to our work and personal lives, but with that convenience comes security risks and challenges. These 6 tips offer some basic hygiene for cloud data protection that end users and businesses alike should follow.

As more companies begin to accept the inevitability of data breaches, it is critical to be prepare for when a breach occurs. Use these seven tips to build an effective incident response plan for timely recovery.

In today’s threat environment, taking a data-aware approach to security is critical to protecting against sensitive data loss.

Learn about the different types of phishing attacks as well as how to recognize and avoid falling victim to phishing scams in our series on the fundamentals of data protection.

The beauty supply store acknowledged today that it was the victim of yet another data breach – the second in as many years. But where does one incident end and another begin?

Due to their size, enterprises have many security issues to consider when establishing a comprehensive data security strategy. One security need that is especially critical for larger companies - because they typically have many employees and large volumes of sensitive data - is proper data leak prevention. As a provider of data loss prevention solutions to many enterprise companies, we wanted to learn more about some of the most common (and avoidable) mistakes companies make when using data leak prevention tools. To do that, we asked a group of data security experts this question: "What's the biggest mistake companies make in purchasing and implementing data leak prevention tools?" See what our experts had to say below: Meet Our Panel of Data Security Experts: Mike Meikle Carlos Pelaez Anatoly Bodner Hitesh Dev Reuben Yonatan Bill Ho Brian Dykstra Paul Caiazzo Rich Silva Darren Guccione Michael Fimin Paul Kubler J Wolfgang Goerlich Paul Hill Carl Mazzanti Dave Blakey Luke Moulton Mark Stamford Dan Nelson Sorin Mihailovici Mike Meikle @mike_meikle Mike Meikle is Partner at SecureHIM, a security consulting and education company that provides cyber security training for clients on topics such as data privacy and how to minimize the risk of data breaches. He has worked within the Information Technology and Security fields for over fifteen years and speaks nationally on Risk Management, Governance and Security topics. He has presented for Intel, McAfee, Financial Times, HIMSS and for other Fortune 500 companies. He is also published writer with articles that have appeared in American Medical News, CNBC, CIO Magazine, Los Angeles Times and Chicago Tribune. He holds a Certified Information Systems Security Professional (CISSP), a Project Management Professional (PMP) and Six Sigma Green Belt. There are two big mistakes companies make in purchasing and implementing data leak / data loss prevention tools... The first is the lack of a data inventory and audit before a data loss prevention (DLP) tool is purchased. If a company does not know where its data resides, who its owners are, whether the data it stores is critical or non-critical and what data security regulatory requirements must met, then procuring and implementing a DLP tool before all these questions are answered is a path to failure. The next mistake that is commonly made is to treat the implementation of a DLP tool as a technology project, not a business program. When an enterprise commits to the implementation of a DLP product, it must realize that the hard work begins once the tool is in place. Data will have to be discovered, classified and categorized based on a variety of factors on an ongoing basis. It will move from a project to a long-term program that must remain staffed for the life of the product. If this is not done then the tool will eventually fall into disuse as staff is reassigned to other initiatives and executives place other priorities on the information technology department. A DLP tool and its program must be aligned with the business and have a business owner for it to be successful. Carlos Pelaez @talktolcp Carlos Pelaez is the National Practice Leader of cyber security firm Coalfire Systems Inc.'s practice area focused on serving Service Organizations and Internal Audit departments. He provides the framework and methodology to local audit teams so that they may be well equipped to validate compliance and cyber security needs for cloud based solutions. The biggest mistake companies make in purchasing and implementing DLP tools is that... They do not have an extensive inventory of their assets and data flows. These are key because if you do not know all the servers, firewalls, and computers that you have in your inventory, how will you know where to prevent the leak? If you do not have a comprehensive view of the data flows of critical information in your IT environment, including the network and system jumps, how will you know what data is worth monitoring? Companies forget to do the basis: complete a comprehensive inventory of all assets and map out all your data flows. These are not only a best practice, but a pre-requisite to maximizing your ROI when purchasing and implementing DLP tools. Anatoly Bodner @anatolybodner Anatoly Bodner is an industry-recognized information and infrastructure security professional, subject matter expert and event speaker. Anatoly currently serves as the Information Security Officer and Director of the Data Protection Practice for NTT Com Security, a global security consultancy organization. The biggest mistake we regularly see organizations make when making a purchasing decision on data protection technologies, including DLP, is... Making a product decision without taking the time to define their data protection strategy and develop core technical and business requirements and environmental considerations. My team engages with clients across different points of their data protection lifecycle, and we frequently see organizations making a reactive decision to acquire DLP technologies, and base their purchasing decision on either existing vendor preferences or pure pricing considerations. When companies don't take the time to learn and understand the pros and cons of each technology offering against their core technical and business requirements, it frequently ends up back-firing. Selecting a solution that doesn't fit their core requirements can result in short and long-term technical integration and reliability challenges, high operational overhead, and missed business expectations. Hitesh Dev Hitesh Dev is President of CMIT Solutions of Reston-Herndon, the small business IT support and services company for Reston, Sterling, Herndon and Great Falls, Virginia. As per my experience the 2 biggest mistakes companies make in purchasing and implementing DLP tools are: Not picking a tool specific to your domain. It is very important to pick a data loss prevention tool specific to the industry domain. For example, medical establishments are liable to hefty fines as per the HITECH act. Picking a tool with an inadequate rules/policy engine. A good DLP tool should have a strong policy/rules engine since most of the business value brought by DLP is driven by their processes, policies, and rules. Reuben Yonatan @reubenyonatan Reuben Yonatan is the Founder and CEO of GetVoIP - a comparison resource for cloud communication solutions. His writings blend commentary, research, and perspective on software trends, business strategies, and enterprise communication. The one mistake that many companies make in implementing data leak prevention (DLP) tools is: TOO MUCH DLP. Yes, there is such a thing. Hear me out. You've undoubtedly heard the story of the boy who cried wolf. Well, you can cry wolf on your DLP too. Here's how:

Learn about insider data loss and get tips for preventing data theft in Data Protection 101, our series on the fundamentals of data security.

Sales and marketing are at it again! The competitive nature at Digital Guardian has led to a friendly video competition between our sales and marketing teams.

Learn about device control technology and how to implement device control solutions in your security program.

Data security is a critical part of doing business for law firms. We asked a group of lawyers what technology and processes they have in place to protect clients' sensitive information.

FCC is on the data breach case, fining AT&T $25M for an insider data breach that took place from 2013-2014.

RSA is nearly here, so check out my top 10 tips for getting the most out of your conference experience!

Email encryption defined in Data Protection 101, our series on the fundamentals of data security.

The insider threat is something that every company must deal with, but effectively mitigating the risk of insider data theft can be difficult. Follow these 5 steps to drastically reduce the chances of insider theft at your company.

Learn more about data exfiltration and methods for preventing data loss in Data Protection 101, our series on the fundamentals of data security.