Tuesday, March 11, 2008

Data Leaks: The Silent Attacker

Data leaks are an increasingly serious security challenge as the number of communication mediums grows at an unprecedented rate. Most data leaks are unintentional rather than deliberate, but they can nevertheless cause irreparable damage to a company's clientele or reputation, or undermine its compliance with confidentiality requirements.

Despite the widespread implementation of security devices such as firewalls and data encryption, data theft is still a relatively common phenomenon. There are many causes of security breaches: one third of data leakages in the previous year occurred because of virus attacks and another third through frauds committed by insiders with access to high security data. Leaks can also inadvertently occur when, for example, an employee decides to take work home for the weekend and uses unprotected mail systems such as Yahoo! to access sensitive work information. HTTP and FTP links can also act as avenues through which your information can leave your premises without your knowledge.

There are a few strategic ways in which you can monitor your data to check for fraudulent or unintentionally subversive activities:

  • Know where your confidential information is located. It is critical to know the locations of confidential information in your organization. Always ensure that you close access to these when a project is complete or when the files are no longer being actively used. This is also particularly a concern with removable storage, such as disks and pen drives.
  • Keep track of how and where confidential data is transferred. Data often travels from person to person via electronic mail and other mediums. It's imperative to keep track of where sensitive data is being transferred and to monitor the channels of communication being used by those who have access to confidential data.
  • Create standardized data security policies. Data leaks are not just a security concern; they can have an overall impact on your business and the quality of your work ethic. Standardized regulations or data distribution policies can help you guard your sensitive information so that it cannot fall into the wrong hands.

Many solutions are targeted toward incident response, but effective preventive measures also need to be implemented to stop incidents from occurring. All companies should consider acquiring more stringent methods of safeguarding their data and implement Security Awareness Training for employees to prevent unwarranted or deliberate leaks of information. For some companies, Data Leak Prevention resources are critical. For example, companies that are subject to compliance regulations or that regularly work with proprietary client-confidential data, companies that frequently outsource work, or companies with projects being conducted on offshore premises should definitely consider a professional data security package.

Data leaks do not always occur through technology breaches. Always use caution when giving out information about yourself, your clients or your employees over the telephone. Spammers or phishers often penetrate the defenses of their targets by posing as representatives of an organization such as a bank or government office. Managing your intellectual property takes considerable effort and constant monitoring. Never think that your company is too small or your information too irrelevant to be at significant risk of potential pharming or phishing attacks.

Prevention systems need to follow the three key strategies listed below in order to be completely effective. If one or more of these steps is not taken to ensure the protection of your data, you could find yourself the target of various forms of security breaches that could compromise your compliance with regulations or your business as a whole.

  1. Discovery

    The discovery of sensitive data and its extant locations is the first key process in identifying your data security needs. This includes internal databases and possible avenues through which such information may be released or distributed. Even legitimate channels of distribution such as internal mail servers and intranets should be identified as carriers of sensitive data which are subject to breaches. Only when these mediums are identified can you efficiently create data protection policies and regulations and implement them successfully.

  2. Monitoring

    Once mediums carrying confidential data are identified and the relevant policies have been implemented successfully, it is imperative that such channels be monitored around the clock. Professionally developed data leak prevention tools not only monitor your data, but also create reports so that you are kept constantly updated on the status of your information and its locations.

  3. Protection

    Always ensure that your data leak prevention policies are mapped to the rest of your business processes. Automated regulation policies can monitor and control your databases and run real-time checks on your information to ensure that it is secure and to inform you of any breaches as soon as they occur. DLP tools can make you confident that your data is protected at all times, both when it is in use and also while it is stored.
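
The three steps above can be shown end to end in a short sketch. This is an added example, not code from the original post or from any vendor's product: it indexes known sensitive files by hashed word windows (discovery), compares an outbound message against that index (monitoring), and returns an allow, alert or block verdict (protection). The file name, sample messages, window size and 0.3 threshold are constructed assumptions.

```python
import hashlib
import re

K = 5  # words per window (assumed; smaller K catches shorter excerpts but adds noise)

def fingerprint(text, k=K):
    """Hash every k-word window so excerpts match without storing plaintext."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(words) - k + 1)}

def discover(documents):
    """Discovery: index {window hash: document name} for known sensitive files."""
    index = {}
    for name, text in documents.items():
        for h in fingerprint(text):
            index.setdefault(h, name)
    return index

def inspect(index, message, block_at=0.3):
    """Monitoring and protection: return (verdict, matched document, overlap)."""
    windows = fingerprint(message)
    hits = {}
    for h in windows & index.keys():
        hits[index[h]] = hits.get(index[h], 0) + 1
    if not hits:  # also covers messages shorter than K words
        return ("allow", None, 0.0)
    doc, count = max(hits.items(), key=lambda kv: kv[1])
    overlap = count / len(windows)  # share of the message that is known sensitive text
    return ("block" if overlap >= block_at else "alert", doc, round(overlap, 2))

# Constructed sample data, not taken from any real system.
SENSITIVE = {"pricing_2008.txt": "The wholesale price for the enterprise tier is "
             "fixed at forty dollars per seat for all partners signing before "
             "the end of the second quarter"}
INDEX = discover(SENSITIVE)
COPIED = ("fyi the wholesale price for the enterprise tier is fixed at forty "
          "dollars per seat for all partners")
EXCERPT = ("hi team, quick update on the quarterly review meeting agenda and the "
           "travel plans for next week, also note the price is fixed at forty "
           "dollars per seat, talk soon and thanks for all the help")
CLEAN = "lunch on thursday works for me, see you at noon in the lobby downstairs"

if __name__ == "__main__":
    for msg in (COPIED, EXCERPT, CLEAN):
        print(inspect(INDEX, msg))
```

A short quoted fragment inside a long message yields a low overlap and an alert rather than a block, which is why the verdict has three levels instead of two.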

One vendor in particular stands out. Websense provides data leak prevention solutions that can help you manage your databases and the fluidity of your information networks by enabling you to manage your information and the channels through which it is distributed. Websense can assist you in many ways, protecting your data and ensuring that you are the one in charge of who has access to your information:

  • Websense uses state-of-the-art technology, such as third-generation fingerprinting and agentless situational awareness and discovery of data networks, to minimize and preempt threats of data leakage.
  • Customizable policies and templates can be adapted to suit your needs, and tools such as those that audit your business processes and monitor your proprietary data (such as source code) may be implemented to significantly reduce risks.
  • Protect and control your data with policy regulations, incident management and enterprise solutions that fit into your existing infrastructures.

Many providers of professional security data leak prevention systems offer free risk assessments. You might consider such a program to gauge the risks that your intellectual property and sensitive information are exposed to every day. By implementing data leak prevention tools, you can protect your data from external as well as internal leakage and ensure that your business processes run more smoothly.