Have you sprung a data leak? – 4 key ways that data can leave your business without you realising it
Despite your best efforts and strict adherence to security policies and best practices, no business’s data is 100% secure.
Even the most secure system can have vulnerabilities that you haven’t considered, and it pays to think about some of the more unlikely scenarios that could be opening you up to a data leak. In this article, we’ll take a look at just a few of the key ways that data could be leaving your business without you even realising.
Several high-profile incidents have shed light on the possibility of data leaks through mobile applications – particularly in the case of Facebook. Even without user accounts being breached, it can be hard to gauge the security of a third-party app and know exactly what data it, or any mobile malware, is transmitting or accessing on staff mobile devices.
There are applications available to monitor what devices are transmitting, and tools like Microsoft’s Azure suite can encrypt business data that might accidentally be leaked. In the wake of big breaches in recent years, it’s worth checking the security credentials of any app providers that you work with and the security of your team’s mobile devices.
Though the security of user accounts is usually protected by password strength requirements and stringent user access controls, they can still be a point of weakness if not used correctly.
As an example, staff members could be giving their credentials to team members, allowing people access they shouldn’t have, they could be leaving themselves logged in while away from their desk or while in third-party-facing positions, again giving people access to data they shouldn’t have.
User accounts can be a weakness if not properly controlled too. While password requirements and access controls provide a lot of flexibility, they do need to be configured correctly to work. If the accounts of former staff members aren’t dealt with correctly they can be a point of weakness too – particularly if the former employee is tempted to attempt access your system once they’ve left.
In a similar vein, employee behaviour, whether careless or malicious, can undo even some of the toughest security plans.
Physical data loss is a perennial threat, from the leaking of printed hard-copy data to misplaced USB drives. While it can be hard to prevent someone from losing or stealing something physical, you can protect the data within through encryption and, again, tools like Azure.
Employees who willfully leak data can often be discovered using encryption tools too. Microsoft’s ARM can track data access and transfer, giving you a good idea of where digital leaks are coming from, while the same tools can also prevent the use of that data even if it’s physically transferred.
Education can go a long way to plugging any accidental employee-related gaps in security too. Having a good understanding of IT security, or at least a briefing on how to keep devices secure could save you a lot of time and money just for the cost of a quick training session.
Finally, it’s often the case that systems you think are secure simply aren’t. From poorly-configured VPNs that leave data transfers open to attack, or access controls that aren’t strong enough for the threats you face, an attack can come from any angle even if you think you’re protected.
The best remedy for this is a regular and thorough security audit. By routinely assessing your security, staying up to date with patches and best practice, and even engaging third-party auditing services, you can guarantee that you’ll find and fix any old or new weaknesses that appear.
For more on this, be sure to check out our piece on unlocking the D.N.A of your mobile security.