Are you at risk of leaking data?
We see the headlines on a regular basis, ‘…details of any Australian for sale on darknet’, ‘Personal details of world leaders accidentally revealed…’ These regular occurrences highlight a major problem facing todays businesses, a problem which only continues to grow.
It is hard to measure the cost to a business once an incident has occurred. Damage can go well beyond monetary values and often the biggest damage to a business can be one of reputation, with customer data making up 73% of leaked information (based on publicly disclosed breaches).
An IBM survey suggests that the average estimated cost is around 2.6 million dollars for a business to recover from such an event.
However, the question shouldn’t be ‘how much would it cost to fix’, the question is how do we prevent data leakage?
First let’s get an understanding of the leading causes of data leakage and the types of data involved.
The threat of data leakage can be split into two categories, Internal threats and External threats. As you would have guessed, Internal threats are made up of employees, contractors, business partners and others with insider access. External threats are usually cyber criminals, hacktivists or competitor sponsored attacks. It is necessary to identify that there is some middle ground, where someone inside the company can assist an external threat.
Although we have listed insiders as Internal threats, it is important to note that 96% of insider data leakages are caused by inadvertent actions often relating to malware, stolen devices and or failure to follow internal IT polices.
What’s the Solution?
The good news is that there are many technical solutions and products designed to mitigate these risks, both inside and outside the organisation.
It is imperative to build a sound strategy around data leakage, and below are key requirements for the most important aspect of Data Loss Prevention (DLP)
- Identify / Prioritise data – Not all data is equal
- Categorise data – Apply persistent classification tags to the data that allows tracking throughout the organisation
- Monitor data movement – Identify what processes put data at risk
- Communication and Policy – Develop polices surrounding DLP and acceptable use of company resources
- Employee Education – Employees often don’t realise that their actions can result in data leakage. A strong employee educational focus in conjunction with policies and procedures can reduce the insider data leakage risks in an organisation by up to 80%
For more information on Data Leakage or other IT Solutions contact us