Data leaks happen, and sometimes, no matter what you do, they are inevitable. That said, you should always do what you can to protect and secure your interests and, more importantly, your sensitive and personal information. When it comes to managing a business, you have the sensitive data of your customers, clients and employees to worry about as well.
Since data leaks can come from a number of different sources, it can be difficult trying to plug up all the holes. Leaks can happen due to network or database intrusions, employee security breaches or negligence, unsecured web and email browsing and more. That’s exactly why you should be doing everything in your power to prevent information loss. There are so many vulnerabilities that if you don’t stay on top of them, you’re just going to fall by the wayside.
To offer some guidance, we compiled a list of tips that can help prevent data leakage.
Take Initial Preventative Measures
Good security is as much about preparation before an attack as it is about how you react after one. To better understand how you can prevent data leakage, you must first identify where it’s coming from and what that data is. For example, sensitive information and data can be contained in databases, emails, devices such as smartphones or PCs, web portals and much more. In addition, because there are many types of data, you might be better off treating each differently. Social security numbers or credit card information are much more dangerous in the wrong hands than, say, an email address.
You don’t want to treat all data the same, as you may need a separate set of controls or security measures for really important stuff. You can implement tools that will help scan where your data resides on a company network, such as the kind offered by Tablus, Reconnex and Websense. Sit down and plan out beforehand what kind of preventative measures you’re going to take to secure your data and network. Will you use data encryption? What kind of security systems are you going to install for internal networks and hardware? Which users will have access to the highest levels of sensitive data and who will be monitoring them?
This is also a good time to mention that you should always do a background check and personality profile on employees before giving them access to sensitive information. It is just as possible to have an internal breach as an external one.
Don’t Forget to Secure Back-End Connections
When security is discussed or implemented, it often pertains to front-end applications or software, the general network and select devices, but those are all relatively obvious. One area that’s often overlooked is related to back-end connections or administrative panels.
Through the use of a Virtual Identity Server or VIS, the same amount of security can be applied to back-end connections for any software application or network setup. It works similar to a firewall, with the exception that it filters and restricts data access as necessary. In other words, platforms and devices are given exactly the right permissions needed to operate — no more and no less. This helps prevent data leakage by limiting the amount of information being passed around on the back-end of a system.
Always Use Encryption
While encryption isn’t totally uncrackable, you’ll be a great deal safer with it than without. Sadly, a lot of companies and management teams feel that encryption is intrusive, thanks to slow-activating processes and complicated implementation methods. That doesn’t change the fact that you should be using it to protect any sensitive data or information you have stored, no matter how big your business is.
“Even if you’re a small business, you’re still subject to the Data Protection Act,” says Sian John, a security expert working at Symantec. “The law requires that you protect personal data from being stolen, misused or shared. If you have customer details stored on your computer, then using encryption allows you to say: ‘I’ve taken precautions to ensure that personal data doesn’t get lost.’”
Encryption can cause problems with gateway security products, but a way around that would be to employ encrypted transmission protocols for your network like SSH or SCP.
It’s always a safe bet to ensure that stored or transmitted data is securely locked behind an encryption key.
Monitor Network Access and Regular Activity
Once you have a digital security plan in place, that’s not the end of it. You need to have a properly trained security and IT team to monitor network access and keep an eye on regular employee activity. This not only ensures that employees are on the up-and-up, but it also helps you protect against leaks better because while monitoring a network, you can identify compromised channels and take action much faster.
A recent study revealed that 44% of employees share work-related devices with others without supervision, and 46% of employees admit they transfer files between work and personal computers when they are working out of the office. To drive that point home even more, 18 percent of employees share their private passwords with co-workers, allowing them access to their devices or accounts. All three of these scenarios could lead to compromised data in many forms.
It’s a good idea to monitor what’s going on with your network and what your employees are doing with their devices, especially if they are transferring files or sharing passwords. That includes allowing your security team the right amount of leverage and controls to deny access to users, both foreign and domestic, in the event of a problem.
In a situation like those described above, your security team either needs to take action by revoking access from the infringing user(s), or said users need to be educated further on how their actions could compromise the company. It is possible for a third party to take advantage of an employee’s negligence in order to gain access to sensitive data without their consent. Your employees should be made aware of this fact, and they should be trained to help prevent it.
There are tools — from vendors such as Vericept, Oakley Networks, Vontu and more — that can monitor outgoing traffic on a network and flag suspicious activity. They can inspect channels like email, web browsing, FTP applications and even peer-to-peer file-sharing software for infringing data. When someone is identified, the tools will notify the appropriate authorities so they may take action. If your business operates a large-scale network or you have a great deal of employees, it might be easier to go with an automated monitoring system such as this.
Either way, you need to pay close attention to what’s happening on your network and how data is being used by those who have access to it. Without doing this, you’re leaving yourself open to attack.