Online Chat/Forms

Veritas published a report in 2021 that indicated 71% of employees admit to sharing sensitive and business-critical data using Instant Messaging and Business Collaboration Tools (https://www.veritas.com/en/aa/news-releases/2021-03-10-71-percent-of-employees-globally-admit-to-sharing-sensitive-and-business-critical-data-using-instant-messaging-and-business-collaboration-tools-according-to-new-research-from-veritas).

The inappropriate use of Messaging Applications has resulted in fines of ~$2 billion being issued (https://fortune.com/2022/09/27/wall-street-fines-employee-use-of-whatsapp-unauthorized-messaging-apps/).

Many online services utilise online/chat capabilites such as: -

https://www.linkedin.com/
https://www.facebook.com/
https://web.whatsapp.com/

Using Cybersecurity controls to block access to online resources based upon Categorisation, Deny Lists, Firewall rules etc is not effective as Data Loss Prevention technologies.
For users who have the capability to use online forms/chats, the use of this upload method demonstrates they can easily move sensitive/confidential data outside of organisations.

Supporting online chat/messaging technologies increases the scope by which data can be transferred out of organisations, and the associated likelihood of a Data Loss risk event occurring must be considered.
The impact of a Data Loss risk event will depend on the content and amount of information that has been uploaded via online Forms/Chat.

Use DLP-TEST to assess: - 

- Coverage of DLP Technologies to detect data being uploaded via online Forms/Chat.
- Capability of DLP Technologies to accurately detect sensitive/confidential data being uploaded via online Forms/Chat.
- Ability of DLP technologies to ignore data being uploaded that is NOT sensitive or confidential.