Data Leakage

What is data leakage? This term can be taken literally — when data has been leaked outside of the organization, but usually without consent. There are three different types of data leakage: accidental breach, by disgruntled employee, or by someone with malicious intent.

Accidental breaches occur more often than expected. In Layman’s terms, it refers to when data is accidentally sent outside of the organization to someone that should not have access. It can be anything from sending it to the wrong recipient on an email, leaving documents at a coffee shop, or misplacing a USB outside of your workplace. Unfortunately, most of data leakage is due to accidental breaches. Proper employee training and policies should be implemented in order to proactively protect important data.

Second type of data leakage is done by disgruntled employee. This is considered the most dangerous type of data leakage because the employee might already have access to the data. Even if the employee did not have direct access, it will be easier for the disgruntled employee to gain access since he or she is already part of the organization. Along with proper employee training and implementing policies, employees should be monitored regularly to make sure in order to prevent the situation from happening.

The last type of data leakage is done by someone with malicious intent. This is the reason why cyber security is so important. Having proper defense lines in the organization’s network in order to defend against malicious actors can include using IPS/IDS, firewalls, SIEM tools, access management, etc. This may also happen through physical actions by using social engineering to manipulate an authorized personnel to gain access to data as well. Again, I cannot emphasize the importance of proper employee training and use of S&P, and even forming an incident response team in order to react when certain situations do occur.