Data leakage, simply put, is the unauthorized transfer of information from a computer inside of your organization to somewhere (or someone) outside of your organization. The key word here is "unauthorized." As a business professional, your information is the center of your world. Making sure your physical and electronic information repositories are secure is of the utmost importance to your success.
Whether you store your information in paper form or as electronic files onsite, offsite or in the cloud, you want to be sure your data is accessible, reliable and secure. The real problem with data leakage stems from the word "unauthorized." What exactly is "unauthorized"? How do you know when it has happened, and how do you prevent it?
With all of this in mind, here are four key tips on how to prevent the unauthorized transfer of your information.
1. Implement a Permissions-Based Data Management System
If you make all of your data available to all of your employees, you increase the risk of information being lost or “accidentally” sent outside of your organization inappropriately. Interestingly enough, statistics show that most data loss is NOT the result of an outside hacker, but of the illegal or careless management of information by an (internal) employee.
Limiting data access to only the specific employees who require it as part of their daily job duties minimizes your exposure. Further, segmenting data to only those who "need to know," along with the appropriate written policy, helps employees know that they will likely be held responsible for the loss of specific records. At the same time, the “ethical wall” will limit the amount of intellectual capital they can access.
2. Be Careful with File Sharing Systems
Microsoft OneDrive, Dropbox, Box, and AnchorSync are all examples of file sharing programs. In actuality, these are really file "syncing" programs: copies of the files are saved on the local machines. Those local copies present one of the greatest challenges to securing systems and data. This leads to our next item...
3. Consider Encryption of Data in Motion
In most organizations, information is constantly being retrieved, shared internally, sent into the business and pushed back out again. You should look for ways to:
- strengthen your network security perimeter
- secure the use of cloud and on-premises business applications
- encrypt outbound email correspondence
- secure mobile devices and applications
Ensure that you have clear communications with your employees on the sort of data which can be shared externally and the approved file storage applications for client data. Be vigilant about removing access to sensitive information when an employee leaves - whether voluntarily or due to termination.
4. Secure Data at Rest
Ensure encryption is used to secure sensitive information stored on:
- Laptop computers
- USB drives
- Mobile devices
- Internal databases
- File share drives and applications
- Employee home desktop computers
All of these scenarios can lead to data leakage. Beefing up your security by adopting these safeguards can save your company from losing valuable data:
- Endpoint security applications
- Host encryption
- Mobile device encryption
- Network/Internet storage systems that are enforced as the go-to data repository for all corporate files
- Physical media control
- Physical and electronic disposal, deletion, and destruction policies and schedules
- Web content filtering for governance of website access
- Regular vulnerability management scans and penetration tests of your network
5. Acceptable Use Policy
Beyond technology systems to protect your firm, your organization should have an Acceptable Use Policy and you should make sure your employees are held accountable to it. This is where you can outline how corporate computers should and should not be used. Include a section on creating device passwords and regularly scheduling password changes. You can add a section on mobile devices, whether firm owned or personal, and discuss proper use.
In addition, social media should be a part of your Acceptable Use Policy. Describe the professional manner in which the firm expects employees to behave. This section should cover authoring, commenting, and sharing blog posts as well.
And finally, talk about restrictions on removing portable media and any hardcopy records from the office.
Technology can assist in preventing a great deal of data leakage. However, employees and executives must commit to practices that protect information from being sent out voluntarily. The Online Trust Alliance, a non-profit organization that helps businesses to establish information risk management and governance best practices, said that ninety percent of the incidents of data loss were preventable.
Organizations need to take a proactive, hands-on approach to preventing loss of sensitive client and corporate data, also known as Data Leakage.
Have you been impacted by data leakage? Have you found that sensitive information has gotten out or, worse yet, gone missing? Have you discovered a strategy that is particularly helpful in stopping data leakage from your organization? Tell us about it in the Comments section below or feel free to send me an email to discuss in more detail.