nformation leakage is a serious danger for many enterprises. It can occur as a result of the intent of third parties or due to the negligence of employees. The deliberate organization of the leak is carried out with two goals: the first of them is the damage to the state, society or a specific enterprise, this goal is characteristic of the manifestations of cyber terrorism; the second goal is to gain competitive advantage.
An unintentional leak occurs most often due to the carelessness of the organization’s employees, but can also lead to serious adverse consequences. The creation of a system for protecting information assets from loss in companies of all types should be carried out at a professional level, using modern technical means. For this, it is necessary to have an idea of the leakage channels and how to block these channels, as well as the requirements for modern security systems.
The channels of confidential information leakage can be divided into two large groups: malicious abduction (including insider risks) and leaks due to negligence or oversight of personnel. Practice shows that the vast majority of cases of leakage of confidential information were the result of employee errors when working with data. This does not mean that the insider threat and industrial espionage can be discounted, just the proportion of such incidents is very small. If we talk about specific channels of information leakage, then the most relevant for the last two to three years can be called the following:
- loss of insecure storage medium (flash drive, external hard drive, memory card, CD or DVD disc, laptop);
- accidental infection of the workstation with spyware (via unprotected access to the Internet or by connecting infected USB devices)
- technical errors when processing confidential information and publishing it on the Internet;
- lack of restriction of employee access to confidential data;
- cyber attacks on data warehouses (hacker attacks, malicious infection with viruses, worms, etc.).
So, how to secure your business from this kind of problem? Well, first of all, you should train your employees. Most of the people don’t take the risk of the informational breach too serious. So, try to tell your employees about the importance of information security and make it as a separate topic.
Second of all, always check on your people. Be more serious about hiring workers and treat them better. When employees know, that their boss needs them and respects them, the risk of their future “betrayal” decreases significantly.
And, of course, programs. To protect against data leakage in the information security industry, a variety of information leakage protection systems are being created, traditionally referred to by the abbreviation DLP (Data Leakage Prevention). As a rule, these are the most complex software systems that have wide functionality to prevent malicious or accidental leakage of classified information. A feature of such systems is that their correct operation requires a strictly debugged structure of the internal circulation of information and documents, since the security analysis of all actions with information is based on working with databases.
But not all of the businesses have enough money to buy set up those systems. Now, there will be a final advice: don’t try to protect all the information. Choose only the most valuable one.
