What is Data Leakage and How to Stop It?
With the pandemic giving no leeway and mandating work from different geographical locations, there have been many implications of this new style of remote working, both positive and negative. The BYOD policy and accelerated use of social media and instant messaging have exacerbated the ease with which sensitive data can be leaked out of your organization.
Data leakage is a legitimate concern with sensitive data existing on USB sticks, hard drives, smartphones, tablets, etc. This blog aims at outlining the basics of data leakage, data loss prevention (DLP), and ways to craft a DLP program for any organization.
What is Meant by Data Leakage?
Data leakage is the intentional or unintentional breach of data security that results in unauthorized access to sensitive data by third-party platforms. Data breaches can include Personally Identifiable Financial Information, such as credit card and debit card details, trade secrets of organizations, intellectual property, Personal Health Information (PHI), etc.
Financially, a data security breach can be the nail in the coffin for any organization. It involves a plethora of direct costs (such as investigation and remediation) and indirect costs (such as providing online security to victims whose data has been compromised, and reputational damage). The average cost borne by a company due to data breach globally is $3.92 million.
Basics About Data Loss Prevention (DLP) Strategy
DLP refers to an all-inclusive strategy that predicts and prevents potential data breaches by observing, capturing, and blocking sensitive data that is either in use (endpoint actions), at rest (data storage), or in transit (network traffic).
There are three potential ways by which data can be intercepted.
- At rest: Data is leaked from avenues such as databases, laptops, smartphones, desktops, etc.
- In motion: Data is captured from avenues such as network traffic, IM, email, etc.
- In use: Data is obtained from platforms such as USB sticks, clipboards, printers, screenshots, etc.
Data leakage control can only be initiated once we have a clear picture of the data, categorized into the classes mentioned above and ranked by sensitivity. Only once you understand the data at stake and the associated risks of leakage can you draft a workable DLP strategy.
Ways to Secure Sensitive PII (Personally Identifiable Information)
The story of Target’s and Equifax’s data breach is enough to stop the heartbeats of any IT department globally. Your data security, no matter how secure, is only as strong as its weakest link. A weak password or username, or unencrypted data, as in the case of Equifax, or a third-party-instigated intrusion like what happened with Target can prove to be a significant chink in the armour.
Every business that has an online existence, which is most of us, is susceptible to losses caused by data leaks. Here are five must-follow ways to prevent the cookie from crumbling.
Prioritize and categorize the data
The first step towards chalking out a successful and implementable DLP strategy is to classify the data according to priority. Pinpoint the data which is of maximum value to your organization and whose loss can prove to be a major setback for your firm.
If you are a company that is into providing healthcare services, you would want to prioritize the security of PHI data. If you are into manufacturing, you would like to secure the intellectual property rights of designs. Thus, the data to be prioritized varies according to the need of the specific industry. Create simple classification tags regarding who created the data, where it is being stored, and its entire trail from start to finish.
Restrict access and observe activity
Both these steps can help catch the thief before he/she lays out his/her traps. Employ the principle of least privilege while granting access permission to employees. Give them access to only the fields they need to access daily. It can also serve as a red flag for the employer if the employee starts asking for access to sensitive data or seeking other permissions. It can be a sign of hacker activity or a compromised account.
Another method is to actively monitor traffic flow across organizational networks using a DAM (Data Activity Monitoring) solution. DAM focuses on monitoring database activity, while DLP targets endpoints and networks. Use both simultaneously to build a layered approach that eliminates data leakage threats by identifying potential breaches remotely.
Make use of encryption
The holy grail of data security involves the conversion of plain text into ciphertext so that the data is rendered unreadable in the event of a breach. You should consider installing an SSL certificate on your website if you have not already done so. The question that then comes up is which type of SSL certificate suits you. For example, if you wish to encrypt first-level sub-domains as well, you should consider installing a wildcard SSL certificate like RapidSSL Wildcard Certificate, Comodo Wildcard SSL, etc.
Filter email content
People use emails to transfer loads of data. Ensure that your employees do not send sensitive information to third parties using deep content filtering and monitoring technology. Email attachments, texts, and images can also be scanned similarly to warn of potential leaks.
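The content filtering described above, as an added example that is not part of the original post: a small outbound-mail check that scans the body and text attachments for payment card numbers, validates candidates with the Luhn checksum to cut false positives, and blocks only when a hit is addressed outside the organization. The domains, function names and sample message are assumptions constructed for illustration; the card numbers are public test numbers.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order ids, phone numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Return masked card numbers (last four digits only) found in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def scan_email(msg, internal_domain):
    """Scan body and text attachments; block only if a hit leaves the organization."""
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary parts need format-specific extraction, not shown here
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        findings += [(part.get_filename() or "body", h) for h in scan_text(text)]
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in rcpts if not a.lower().endswith("@" + internal_domain)]
    return {"block": bool(findings and external), "findings": findings, "external": external}

def sample_message(to):
    """Constructed outbound message using public test card numbers."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@corp.example", to
    msg["Subject"] = "Customer export"
    msg.set_content("Card on file: 4111 1111 1111 1111, order 1234567890123.")
    msg.add_attachment("name,card\nA. Sample,5555-5555-5555-4444\n",
                       subtype="csv", filename="export.csv")
    return msg

if __name__ == "__main__":
    print(scan_email(sample_message("Partner <contact@vendor.example>"), "corp.example"))
```

Findings are stored masked so that the filter's own log does not become another copy of the sensitive data.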
Spread awareness amongst employees
Ensure that your employees are trained sufficiently well on data security during onboarding to know which behaviour is acceptable and which is not.
An intricate combination of intelligent firewalls, DAM and DLP strategies, and endpoint security tools, along with minimized access, can drastically reduce the risk of data leakage. Knowledge is empowerment, and data security protection is no different! Stay safe, people.