How to avoid data leaks in the enterprise

Information leaks deserve close attention: news feeds regularly carry reports of leaked databases belonging to large companies. To protect yourself from this type of threat, you need to understand its causes, analyze the risks and choose adequate countermeasures.

Causes of data leakage

The main cause of data leakage is the human factor. It may be a lack of understanding or qualification on the part of an information security officer or an employee who processes confidential information (for example, a teller at a bank), or the intentional theft of protected information and its transfer to a competitor or other interested person for personal gain. Personnel are one of the most important factors in building a system of protection against information leaks.

To build a protection system properly, it is necessary to cover all of its areas: administrative and legal aspects as well as information security software and hardware.

Building the system involves choosing organizational and technical information protection measures. Organizational measures regulate how information systems function, how personnel work, and how users interact with the system. They may include training employees and testing their knowledge, information security controls, development of internal documentation, a security regime, a video surveillance system, an access control and management system, and more.

Organizational measures alone cannot solve the problem of information security. They should be combined with technical means of information protection, of which a huge number exist today (access control tools, various scanners, firewalls, malicious code protection, DLP systems, SIEM systems, means of protection against unauthorized access, etc.).

The organization needs to delineate access to protected information properly, following the principle of “granting minimum rights and permissions”. This differentiation is reasonable for every employee, because there is no reason to give a person access to information they do not work with. Without adequate access control there is a risk of unauthorized access to information and, consequently, of its leakage. Access can be differentiated with the built-in mechanisms of the operating system, with the application software of automated systems, or by other methods. The access control process itself must be monitored. Monitoring means blocking unnecessary accounts, checking that the rights recorded for each user account match what is actually available to it, and other measures within the framework of the information security process.
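The review described above can be automated. The following is an added example, not part of the original article: it compares an export of accounts with an HR roster and a per-role rights matrix. All names, rights strings, sample records and the 90-day idle threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: approved rights per role (the "minimum rights" matrix).
ROLE_BASELINE = {
    "teller": {"crm:read", "payments:create"},
    "hr": {"hr_db:read", "hr_db:write"},
}
# Constructed HR roster: current employees and their roles.
ROSTER = {"alice": "teller", "bob": "hr"}
# Constructed export of accounts as they actually exist in the system.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2024, 5, 28),
     "rights": {"crm:read", "payments:create", "hr_db:read"}},
    {"user": "bob", "last_login": date(2024, 1, 10), "rights": {"hr_db:read"}},
    {"user": "carol", "last_login": date(2023, 11, 2), "rights": {"crm:read"}},
]

def review_accounts(accounts, roster, baseline, today, max_idle_days=90):
    """Return (user, action, detail) findings for one access review run."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        role = roster.get(user)
        if role is None:
            # Account with no current employee behind it: unnecessary, block it.
            findings.append((user, "block", "no matching employee"))
            continue
        # Rights present on the account but not approved for the role.
        excess = acct["rights"] - baseline.get(role, set())
        if excess:
            findings.append((user, "revoke", ",".join(sorted(excess))))
        # Assumed policy: an account unused for too long is also unnecessary.
        idle = (today - acct["last_login"]).days
        if idle > max_idle_days:
            findings.append((user, "block", f"idle {idle} days"))
    return findings

if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, ROSTER, ROLE_BASELINE, date(2024, 6, 1)):
        print(*finding, sep="\t")
```

Run on a schedule, the findings list becomes the worklist for whoever owns the access control process.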

Measures to prevent information leaks

Delimiting access is not enough. To prevent the threat of leaks, it is necessary to organize work with the company's employees, as well as with counterparties. Regardless of social aspects (whether a person is satisfied with their work, salary, team, etc.), each employee's rights and obligations must be explained to them clearly and understandably.

As a rule, organizational and administrative documentation establishes the rules for working with confidential information, as well as the prohibitions that apply to this type of information. These include keeping passwords secret, prohibiting the output of protected information on screens and printouts, prohibiting the use of unrecorded removable media, rules for dealing with emails, and much more. It is also necessary to make it clear to employees that anyone who violates these rules will be held liable and subject to various disciplinary actions and fines.

It is important to apply measures to prevent unauthorized access. This includes restricting access to areas where protected information is stored and processed, and using access control and management systems, a permit regime, electronic locks, video surveillance systems and so on. These are elementary things, but in most cases they are forgotten.

If protected information is transferred through communication channels, particularly over the Internet, it is necessary to use technology that establishes a secure connection (VPN is the most common solution) or to use cryptographic protection of the information. Do not forget about the use of firewalls and the rules of safe work on the Internet.

When building a protection system, all relevant threats must be taken into account. DLP systems exist to prevent leaks (they control information flows and perform content analysis), and SIEM systems exist to monitor security events. A wide range of protection products is available today, depending on consumer demand, such as SecurIT Zgate, InfoWatch Traffic Monitor, Symantec Data Loss Prevention and SearchInform.
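To show what content analysis of an information flow means in practice, here is an added example that is not code from any of the products named above. It inspects an outbound message body for payment card numbers, validated with the Luhn checksum to cut false positives, and for classification markers. The marker strings and sample messages are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed classification labels that an organization stamps on its documents.
MARKERS = ("confidential", "internal use only")

def luhn_ok(digits):
    """Luhn checksum: rejects arbitrary digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def inspect_message(text):
    """Return (verdict, reasons) for one outbound message body."""
    reasons = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            # Report only the last four digits so the alert does not leak the number.
            reasons.append("card number ending " + digits[-4:])
    lowered = text.lower()
    reasons += ["marker: " + m for m in MARKERS if m in lowered]
    return ("block" if reasons else "allow", reasons)

# Constructed sample messages; 4111 1111 1111 1111 is a standard test card number.
SAMPLES = [
    "Please refund card 4111 1111 1111 1111 today",
    "Order 1234 5678 9012 3456 shipped",
    "CONFIDENTIAL: Q3 plan attached",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_message(sample), "<-", sample)
```

The second sample has the shape of a card number but fails the checksum, so it is allowed; real DLP policies layer many such detectors and usually log to a SIEM rather than only blocking.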

You should understand that an information security system will be effective only if its components are properly configured and functioning (not only the DLP system, but also antivirus software, firewalls, means of protection against unauthorized access, etc.), and if the basic principles of comprehensive protection are applied, such as continuity, prioritization, centralization and redundancy of critical elements.