Every company stores data that it considers valuable or is covered by strict privacy requirements. Obviously, organizations must do everything to protect this data against any abuse or unauthorized use. A data breach not only results in direct financial damage for the organization, but also leads to loss of reputation. And now, with new legislation in place, companies can face heavy fines if personal data falls in the hands of hackers and those affected aren’t notified.
According to the Verizon Data Breach Investigations Report, 20 percent of all data breach incidents come from insiders, and because these insiders have company knowledge and already have network access, they can do more damage than a hacker, which might now know where to look for confidential information. Of course, not all data leaks are deliberate actions and in fact, the data breach phenomenon occurs in three variants: unconsciously, deliberately and intentionally by internal end users through an (external) hacker.
It can happen that an employee makes a genuine mistake and sends confidential information to someone outside the organization. However, in the other two instances the breach is done for monetary gain or to intentionally inflict harm to the organization. Company information can be very interesting for direct competitors and a hacker can easily blackmail an organization by threatening to disclose confidential data or hijack it.
In a separate study, commissioned by IBM by the Ponemon Institute, research shows how in 2014, the average cost of a data breach rose to a whopping 3.8 million dollars – an increase of 23 percent over 2013 figures. The report also said that it takes large companies, on average, 256 days to discover a breach and sometimes this is because there is an attempt at extortion. A hacker will thank you for not reviewing your logs so while it’s important to keep logs, it is completely useless to have them if these aren’t checked on a regular basis.
Not all is lost, and there are a few tools you can have in your arsenal to help you prevent data leaks. One key to stop data leaks is e-mail. You need a solution which can be configured to send alerts (or if you want to be ruthless block) certain emails which look suspicious – because they contain things such as credit card numbers – or are larger than a specified size.
Email is also an attack vector when it comes to malware and phishing, two things hackers use to get unauthorized access through company’s employees. Since most malware and phishing is delivered through spam, you will need a solution which has a high spam catch rate which produces no false positives, and to make sure nothing gets in, the more AV engines helping the solution the better the results.
Besides e-mail, data can be taken out of the company through the use of devices such as USB drives, portable hard drives, and mobile devices, make the copying of data easy. The BYOD phenomena has increased the risk of data leakage and businesses need to employ solutions which help them control the information that travels across their endpoints.
Another way to carry data out of an organization is through web services such as Dropbox and Google Drive. These services give the ability to move large amounts of data so it is important to also use web monitoring software to either block access to these websites or monitor any suspicious activities.
Finally, it is obviously important that every employee is aware of the importance of the correct and responsible use of IT. With a coherent approach and the right tools, data leaks – and all associated damage – can become a thing of the past.
Melanie is Digital Content Specialist/Editor at GFI Software. An eager blogger, fiery tweeter, and avid reader, Melanie is a self-confessed geek who finds solace in online FPS games.