IT & Business Infrastructure- Home
- Information Technology
- Data Leakage - Look Within The Castle First, Then Outside
Data Leakage - Look Within The Castle First, Then Outside
- By Dan Schutte
- Published 03/11/2008
- Information Technology
- Unrated
A lot of effort and expense in Internet security is directed towards 'keeping the bad guys out'. This is half the solution. What is overlooked, and equally critical, is how to keep the important data within. Internet content security is about keeping the 'bad stuff' on the outside of your network. Data leakage is concerned with keeping the 'good stuff' on the inside. Who are the primary culprits on data leakage - your own staff. Read on to see how leaks can occur and what measures you need to be taking to manage your environment.
What is Data Leakage?
There are two primary data leakage elements to be concerned with:
1. What data you should protect and
2. What constitutes a leak?
Data that is sensitive, or the 'good stuff', covers a range of corporate assets such as:
Intellectual Property (IP) - company secrets, product designs, mathematical formulas, research papers, source code, patents, schematics, recipes, proposals, reports, etc.
Commercial Information - financial reports, employee payroll, contracts, business plans, acquisition targets, product and marketing launch plans, budgets, customer databases etc.
Confidential Information - patient health records, customer financial information, legal contracts, employee resumes and agreements, reprimands, pre-release reports, etc.
How Does Leakage Occur
Emailing data to the wrong recipient or attaching the wrong file to an email.
Deliberately emailing client information to competitors by an employee.
Disclosure of confidential information.
Emailing confidential information in an un-encrypted format.
Internal staff using webmail or email that is not screened to discuss confidential subjects outside.
Data Leakage Is More Common Than You Expect
The issue with data leakage is not how common it is, but its severity, the nature of the data and how it has been leaked. With the span of data and the conduits for 'leakage', almost every company can attest to an incident of an internal security breach - willful or accidental. These breaches include loss of information and Intellectual Property theft. Interestingly, the majority of incidents came from inside their organizations.
One IDC study from late 2007 shows that 84% of all data leakage incidents can be attributed to employees. And the methods for stealing data increase - Blackberries, USB key drives, torrent uploads, and instant message file transfers. Companies should be more prepared than ever to monitor and control these activities.
What does Data Leakage look like when it is discovered?
Here are some recent media stories. Imagine putting your company name in place of the one listed. For example,
Apple suffered significant embarrassment after two employees revealed secret new product information on their personal
in or add content to a blog.What is Data Leakage?
There are two primary data leakage elements to be concerned with:
1. What data you should protect and
2. What constitutes a leak?
Data that is sensitive, or the 'good stuff', covers a range of corporate assets such as:
Intellectual Property (IP) - company secrets, product designs, mathematical formulas, research papers, source code, patents, schematics, recipes, proposals, reports, etc.
Commercial Information - financial reports, employee payroll, contracts, business plans, acquisition targets, product and marketing launch plans, budgets, customer databases etc.
Confidential Information - patient health records, customer financial information, legal contracts, employee resumes and agreements, reprimands, pre-release reports, etc.
How Does Leakage Occur
Emailing data to the wrong recipient or attaching the wrong file to an email.
Deliberately emailing client information to competitors by an employee.
Disclosure of confidential information.
Emailing confidential information in an un-encrypted format.
Internal staff using webmail or email that is not screened to discuss confidential subjects outside.
Data Leakage Is More Common Than You Expect
The issue with data leakage is not how common it is, but its severity, the nature of the data and how it has been leaked. With the span of data and the conduits for 'leakage', almost every company can attest to an incident of an internal security breach - willful or accidental. These breaches include loss of information and Intellectual Property theft. Interestingly, the majority of incidents came from inside their organizations.
One IDC study from late 2007 shows that 84% of all data leakage incidents can be attributed to employees. And the methods for stealing data increase - Blackberries, USB key drives, torrent uploads, and instant message file transfers. Companies should be more prepared than ever to monitor and control these activities.
What does Data Leakage look like when it is discovered?
Here are some recent media stories. Imagine putting your company name in place of the one listed. For example,
Apple suffered significant embarrassment after two employees revealed secret new product information on their personal
Many blogs provide commentary or news on a particular subject; others function as more personal online diaries. A typical blog combines text, images, and links to other blogs, web pages, and other media related to its topic. The ability for readers to leave comments in an interactive format is an important part of many blogs. Most blogs are primarily textual, although some focus on art (artlog), photographs (photoblog), sketchblog, videos (vlog), music (MP3 blog), audio (podcasting) and are part of a wider network of social media. Micro-blogging is another type of blogging which consists of blogs with very short posts.
'); return false">Blog sites.
A statistician employed by the Palm Beach County, Fla., health department inadvertently emailed his colleagues the names of 6,600 locals known to be infected with HIV and AIDS. This was a serious breach of the Federal laws on handling patient information and ensuring patient privacy.
Honeywell International Inc. says a former employee has disclosed sensitive information relating to 19,000 of the company's U.S. employees.
What are the Costs of Data Leakage?
The costs can span many areas. These can be anything from public embarrassment to financial loss, reduced stock equity, loss of competitive advantage or even criminal investigation and prosecution. In the case of Apple, where their employees revealed product information before it was released, the company's share price plummeted after the leak was revealed. The company was forced to fire the employees involved, resulting in embarrassment, lost productivity and legal costs.
In the incident with the Palm Beach health department, the apparent violation of the Healthcare Insurance Portability and Accountability Act (HIPAA) could result in prosecution. When the action damages an image or reputation, the financial costs of data leakage are very hard to quantify.
In more tangible matters, like IP loss, a damage assessment can probably be compiled. Consider a hypothetical scenario, where a company's new MP3 player designs and specifications are leaked to a competitor before it is launched. This breach could undermine the company's entire business and lose millions of dollars in revenue. Imagine if the Ipod design was leaked - what would this mean to Apple in lost opportunity. The damage can be embarrassment, loss of professional reputation and possibly boost in the competitor's market advantage.
Conclusion
Data Leakage is real and it starts on the inside. We often spend so much time building a wall around our enclaves that we do not consider risk internally. Unfortunately, real incidents are telling us we should look inward first and then outward. How secure do you feel about your data leakage prevention efforts?
We work with companies to assure their data and messaging is in compliance and secure. Our solutions are state of the art, quick to implement, cost effective and provide the comfort to know your data is secure. A phone discussion with our staff is a great way to assess your environment and what would be the best action plan. Visit our website http://www.enclavedata.com to learn more.
You have the responsibility to maintain your company's digital environment. With the right tools, you can now also have the control to assure compliance and protect your company's assets.
Leakage involves distribution methods where data could be released - accidentally or stolen. Examples can include: