IT News by Anthony Ricigliano: The topic of data leaks has been making headlines in the world of IT professionals for some time now. With each passing year, it seems that more ways are being found to punch holes in security systems from both external and internal sources. As more companies become more conscious of their potential security risks, those seeking to circumvent the system are busy finding new ways to thwart their efforts to secure their data.
One of the easiest ways for even amateur hackers to gain access to your data is from emails sent by your employees. Perhaps an employee makes an inquiry by email regarding the availability of an item needed for the office. The vendor replies with a quote, and your employee responds with an email containing the company credit card number. By the time it is discovered that the number has been leaked, there can be thousands of dollars charged to the company card, requiring many hours to rectify.
Perhaps the company has employees who work from home or travel. Documents sent via email that contain information on an upcoming bid structure and amount can fall into the hands of the competition, who can then undercut your bid. Discussions of proposed acquisitions can destroy all chances of the purchase.
Your customers might innocently request that confidential information be sent as an email attachment. Perhaps you are an accountant, and the client would like to review his tax returns before you file them. He may request a list of his prices under a competitive pricing agreement that would create ill will among other customers if they knew he was receiving preferential pricing. The client can also initiate the data leak by emailing you information such as his social security number or bank routing information.
Many employees routinely email files to their personal email accounts so that they can access the data from home. This may be legitimate, as when he or she merely wants to work over the weekend or needs instant access to data when out of the office. However, it can also be a case of an employee providing the information to your competition.
Your employee data security can also be compromised easily. An email attachment of your employees’ names, home addresses, and phone numbers can be an issue if intercepted by an unauthorized user. If you add the employees’ social security numbers, birth dates, or anniversary dates, virtually everyone on the list is at risk of identity theft.
Fortunately, there are ways to prevent data leaks. The first step requires almost no expense and is simply a matter of implementing policies designed to protect your company’s information. Establish policies on who can connect, when it is allowable, and from where they can connect. Forbid logging in from public computers, such as Internet cafes or airport kiosks. Define a policy for file transfers to removable devices such as laptops, disks, or memory sticks. Include an audit trail so that you will be able to track who has downloaded what. Create a list of approved devices to help prevent hackers from downloading data.
Encrypt files at both the file and disk levels. Files that are encrypted while they are in motion are less likely to be of any use to a hacker even if intercepted. It also allows you to monitor your most sensitive data and see where it has been and who is accessing the files.
Establish a secure perimeter around your network. All data being sent out should be scanned for patterns or keywords that could identify a potential leak of sensitive information. If a match is found, the system can block the transmission.
Think of the business world as a desert through which you must navigate if you are to be successful. Now imagine that your company data is the bottle of water that will keep you going on your trek. As long as the bottle remains intact, you will be able to use the contents when needed. If it begins to leak, however, you are losing the lifeblood of your business. Other denizens in the desert can use the water you lose to sustain their own existence. They may be scavengers seeking an easy drink or predators out to cause you serious harm. Either way, your loss is their gain. Once the contents of the bottle have been leaked, the water is contaminated, and even if you can scoop it back into the bottle, you are likely to get a great deal of debris you do not want.