Information leakage causes - SearchInform


Today, most enterprises use multi-level information processing systems - computers, cloud storage, corporate networks, etc. All these systems not only transmit data but are also environments in which leaks are possible. Leakage of classified information is the uncontrolled disclosure of data that is key to a company.

Trade secrets are information about the organization of an enterprise's activities, product development technologies, cash flow data, intellectual property and other information whose ownership brings the firm a financial benefit.

Reason 1 - Personnel

Every employee in an enterprise is a potential threat to information security. Often people take work home - they move work files to their flash drives, transfer them over insecure connection channels, discuss information with employees of competing companies.

Staff actions can be deliberate and unintentional. Unintentional actions are the result of ignorance of the rules for working with commercial information.

There is always a risk of information leakage from personnel, and it cannot be completely excluded. The security service can take measures that limit the interaction of employees with confidential information:

  • Development of access control rules. The rules are a list of clear rights and restrictions that must be respected by each employee. Their basic principle is that each employee interacts only with the data that is necessary for his work. Thus, a simple manager will not be able to find out the product development technology and other important data that an attacker wants to know.
  • Compliance with the standards of documenting information that contains trade secrets.
  • Prompt identification of employees who pose a threat of data disclosure.

How to identify an employee who divulges data to a competitor?

An authorized employee or security department should be responsible for the control of personnel's work with classified materials. Their task is to monitor the activities of employees throughout the working day and promptly identify all cases of information leakage.

In practice, you can detect a person leaking a commercial secret by the following signs:

  • An employee stays at his workplace after work without warning. In this case, there is a possibility that he is trying to gain access to classified information at a time when there are no supervisors nearby.

You need to pay attention to such a worker and see if his goal is to find out secret information. Special access accounting systems help to control the time spent by personnel at the workplace. It is necessary to start an investigation only if specific facts of leakage of protected information become known.

  • An employee saves too many electronic company documents to his personal computer or smartphone.

This type of leak can be traced in companies that use file system protection systems. These systems rely on a common server that operates within the same corporate or Wi-Fi network. Each time data is opened, copied or moved on a work PC, information about the operation is sent to the server. Thus, the security administrator can identify from which PC and in what quantity the classified information was moved.
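The per-PC accounting described above, sketched as an added example (not SearchInform's code or log format): the pipe-separated event format, the directory names and the threshold are assumptions, and the sample events are constructed.

```python
import posixpath
from collections import defaultdict

# Assumed layout of the protected shares; adjust to the real file server.
CLASSIFIED_ROOTS = ("/srv/share/secret", "/srv/share/rnd")
MOVE_ACTIONS = {"COPY", "MOVE"}  # OPEN is logged but is not a transfer

# Constructed events: time|workstation|user|action|path|destination|size in bytes
SAMPLE_EVENTS = """\
2020-12-14T10:02:11|PC-017|ivanov|OPEN|/srv/share/secret/pricing.xlsx|-|48211
2020-12-14T18:41:03|PC-017|ivanov|COPY|/srv/share/secret/pricing.xlsx|usb|48211
2020-12-14T18:41:09|PC-017|ivanov|COPY|/srv/share/secret/clients.csv|usb|910332
2020-12-14T18:41:15|PC-017|ivanov|COPY|/srv/share/rnd/spec-v3.pdf|usb|2204117
2020-12-14T18:41:20|PC-017|ivanov|COPY|/srv/share/secret/pricing.xlsx|usb|48211
2020-12-14T11:15:40|PC-022|petrova|COPY|/srv/share/secret_old/menu.txt|local|120
2020-12-14T11:16:02|PC-022|petrova|MOVE|/srv/share/public/../secret/plan.docx|local|77120
this line is truncated|PC-030
"""

def is_classified(path):
    """True only if the normalized path lies inside a protected root."""
    norm = posixpath.normpath(path)  # collapses "../" so it cannot hide the root
    return any(norm == r or norm.startswith(r + "/") for r in CLASSIFIED_ROOTS)

def parse_event(line):
    """Return an event dict, or None for a malformed or truncated record."""
    parts = line.strip().split("|")
    if len(parts) != 7 or not parts[6].isdigit():
        return None
    ts, host, user, action, path, dest, size = parts
    return {"ts": ts, "host": host, "user": user, "action": action,
            "path": posixpath.normpath(path), "dest": dest, "size": int(size)}

def summarize(text):
    """Per workstation: distinct classified files copied or moved, and their size."""
    per_host = defaultdict(lambda: {"files": {}, "dests": set(), "users": set()})
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["action"] not in MOVE_ACTIONS:
            continue
        if not is_classified(ev["path"]):
            continue
        entry = per_host[ev["host"]]
        entry["files"][ev["path"]] = ev["size"]  # a repeated copy counts once
        entry["dests"].add(ev["dest"])
        entry["users"].add(ev["user"])
    return {h: {"file_count": len(e["files"]), "bytes": sum(e["files"].values()),
                "dests": sorted(e["dests"]), "users": sorted(e["users"])}
            for h, e in per_host.items()}

def flag_hosts(summary, max_files=2):
    """Workstations that moved more distinct classified files than allowed."""
    return sorted(h for h, s in summary.items() if s["file_count"] > max_files)

if __name__ == "__main__":
    report = summarize(SAMPLE_EVENTS)
    for host in sorted(report):
        print(host, report[host])
    print("review:", flag_hosts(report))
```

The root check matches on a path-component boundary, so a similarly named directory such as `secret_old` is not counted, while a path that reaches a protected root through `../` is.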

  • The employee unnecessarily copies paper documentation, information in which is intended for official use only.

According to the documentation standards, all physical folders and files with trade secrets must be stored in the protected part of the archive. Access to documents is only possible for authorized employees. All data on the receipt of a document with a secret in hand must be documented (indicating the name of the employee and the exact time of issue of the document).

If a secret document fell into the hands of an unscrupulous employee, you can track its unauthorized copying on a scanner or copier, which stores a report on the latest actions. There are also fax machines that can be accessed only after the correct user ID-password pair is entered.

  • The employee regularly violates general safety requirements when working with trade secrets.

If personnel regularly try to bypass restrictions by viewing prohibited resources, or use personal devices to process sensitive data, additional user control systems, such as DLP systems, must be implemented. Their task is to monitor all user correspondence from corporate mail and other electronic mailboxes that are registered in the system. Also, the protection module prohibits the installation of third-party software, and all actions of the employee at the computer are visible to the security administrator.

  • The employee was caught in contact with employees of competing companies.

In large companies, workers often communicate outside of working hours. Thus, they get more information about each other and can learn about the connections between a colleague and an employee of a competing organization. Ordinary friendly relations between people are also possible, but it is better to notify the company management about this in order to avoid unnecessary suspicion.

Reason 2 - Problems in recruiting

Frequent personnel changes, large-scale changes in the organization of the company's work, lower wages, staff reductions - all this is part of the "turnover" of personnel. This phenomenon often becomes the reason for the leakage of classified information.

A crisis or a lack of funds to pay salaries forces the management to worsen the working conditions of the personnel. As a result, discontent grows among employees, who may leave or simply start passing classified information to competitors. The problem of staff turnover is especially important for management positions, because all managers must have access to classified documents.

The threat of spreading secrets can be carried not only by employees who have already left, but also by current employees whose level of motivation is lowered.

To prevent the problem, create the most comfortable working conditions for employees. In the event of a serious crisis, it is recommended to gather staff to discuss possible ways out of a difficult situation. It is important to notify employees of all payroll changes in advance, rather than upon payment of the salary.


Sometimes one employee creates an unfavorable atmosphere in the team. SearchInform ProfileCenter analyzes the correspondence of employees in e-mail and messengers and compiles their psychological portraits. The system determines the positive and negative aspects of a person's character, which allows you to make the right management decisions.


To eliminate the “turnover”, it is important to follow these recommendations:

  • Establish a recruitment system. All leading organizations have a dedicated department that deals with hiring, firing and supporting employees. You should not look for an employee for a vacant position as quickly as possible. A good HR (recruiting specialist) must listen to several applicants for the position, disseminate information about a vacancy on all popular Internet sites, and hold a final competition, the results of which will determine the most suitable candidate.
  • Implementation of a reward system. For success in work, overfulfillment of plans and the conclusion of lucrative contracts, employees should be encouraged. Examples of incentives include raising wages, improving working conditions, and moving up the career ladder.
  • Providing all employees with opportunities for professional growth, advanced training. Good companies always send their employees to professional development courses or buy online trainings for more convenient training. It is also recommended to organize trainings from leading industry professionals.

Reason 3 - Business trips

The working process of the company implies business meetings, trips to other branches of the company, countries. Employees who travel frequently can inadvertently become the main cause of the leakage of classified information of the enterprise.

When traveling, such an employee always has a personal or corporate laptop / smartphone with him, which processes the protected documents. Equipment can be left in a public place, broken or stolen. If an employee is under surveillance or meets with a rival company executive, a lost laptop can become a major source of inside information.

To prevent such cases, it is important to use hard disk encryption on the PCs that are issued to employees for business meetings. Even in the event of theft and unauthorized access, the information will be reliably protected, and it will be impossible to crack it without knowing the key.

Reason 4 - Cooperation with other companies

Most automated security systems are able to restrict access to service information only within one building or one enterprise (if several branches use a common storage server).

In the process of joint implementation of a project by several firms, the security services cannot fully track how access to the official secrets of each of the enterprises is realized.

As in the previous case, the use of cryptocontainers (hard disk encryption systems) will help protect secret information from hacking.

Reason 5 - Using complex IT infrastructures

Large corporations use complex proprietary information protection systems. Automated systems imply the presence of several security departments and the work of more than five system administrators, whose task is only to maintain the safety of trade secrets.

The complexity of the system is also a risk of leakage, because the simultaneous work of several people is not well organized. For example, one administrator may introduce or remove access control rules, while another may forget to enter the data of access rights to servers.

When using complex information protection systems, it is important to correctly separate all responsibilities and monitor their timely implementation. Otherwise, the created system can harm the company.


In SearchInform DLP, you can delimit the access of security personnel to certain reports and operations in the system. It is safer to entrust the maximum number of powers to the head of the information security service.


Reason 6 - Equipment breakdowns

Errors in the software

All kinds of software malfunctions occur all the time. When a vulnerability appears, the protected files risk becoming intercepted by a hacker. It is important to promptly identify all malfunctions in the installed software and hardware components. The security administrator is responsible for the operability and interaction of all protection modules.

A significant amount of important documentation is lost as a result of a database crash. Recovering hard drives is a complex task that does not guarantee the return of lost information.

Server hardware failures

It is safer to store all information using cloud computing. Cloud platforms increase the speed of information processing. With their help, each employee will be able to access the desired file from any device. The encryption system is used by the remote server, so there is no need to secure transmission channels.

Service provider's servers can crash due to natural disasters or massive hacker attacks. As a rule, owners of cloud platforms always keep archived backups of the contents of user accounts, so failures are quickly resolved without losing important documents.

Breakdown of technical means of protection

For the safety of trade secrets, it is recommended to protect not only operating systems and gadgets, but also the entire perimeter of the office premises, as well as the control area of street communications. For these purposes, window caps, seals of architectural structures (to prevent wiretapping), devices for shielding and noise pollution (to make it impossible to intercept radio waves) and other gadgets are used.

Due to the breakdown of one of these devices, an information leakage channel arises, which becomes available to an attacker to intercept classified data.

If computers and other data processing equipment break down, they must be repaired at a service center. Taking the gadget outside the premises and handing it over to an outsider (even if he is not interested in obtaining official secrets) is a possible reason for the leak. The company's security department cannot control the gadgets while they are outside the firm.

Reason 7 - Leakage through technical transmission channels

A data leakage channel is a physical environment within which the spread of secret information is not controlled. Any enterprise that uses computers, server racks, networks has leakage channels. With their help, an attacker can gain access to trade secrets.

The following leakage channels exist:

  • Speech. Competitors often use wiretapping and other planted listening devices (bugs), with the help of which secrets are stolen.
  • Vibroacoustic. This leakage channel occurs when sound collides with architectural structures (walls, floors, windows). Vibration waves can be read and translated into speech text. Using directional microphones at a distance of up to 200 meters from the room, an attacker can read a conversation in which service information appears.
  • Electromagnetic. The operation of all technical equipment produces a magnetic field. The signals transmitted between hardware elements can be read by special equipment over long distances, which gives access to secret data.
  • Visual. An example of a visual theft channel is holding meetings and conferences with uncovered windows. From a nearby building, an attacker can easily view everything that is happening. There are also options for using planted video devices, which transmit a picture of what is happening to competitors.

To protect technical leakage channels, it is recommended to use:

  • Thermal imager. With the help of such a device, you can scan all walls and parts of the interior for embedded devices (bugs, video cameras).
  • Devices that muffle radio frequency signals.
  • Protective equipment for architectural structures - seals for windows, doorways, floors and ceilings. They isolate sound and make it impossible to read vibration waves from the building surface.
  • Devices for shielding and noise reduction. They are used to protect the electromagnetic leakage channel.

You should also ground all communications that go outside the premises and controlled area (pipes, cables, communication lines).

How to minimize the risk of leakage?

There are several effective ways to help reduce the risk of information leakage and disclosure. The enterprise can use all methods of protection or only a few of them, because the security system must be economically viable: the cost of implementing and maintaining a security system should not exceed the losses that the loss of classified information would cause.

Encryption

Encryption is a simple and effective method of protecting trade secrets. Modern encryption algorithms use world standards in the field of cryptography (AES, GOST ciphers), two-way key exchange (with its help a hacker will not be able to break the cipher even after gaining access to the transmission channel), elliptic curves for generating protection. This approach makes cracking the encrypted message impossible for standard computers.

Benefits of using encryption to prevent leakage of business information:

  • Ease of use. The encryption is implemented with special software. The program must be installed on all computers and mobile devices in which classified information circulates. The operation of the application is configured by the system administrator or security administrator. Thus, the average user does not need to learn how to use the protection system. All files are encrypted and decrypted automatically within the corporate network.
  • If it is necessary to transfer important electronic documents outside the commercial network, they will be stored on a flash drive, cloud drive or in client mail only in encrypted form. Disadvantage - without special software, the employee will not be able to view the contents of the file.
  • High degree of reliability. Using powerful computational cryptography algorithms, it is difficult for an attacker to intercept secret messages or company traffic, and decryption is impossible without knowledge of the public and private keys.

Note that encryption alone does not protect secrets from all possible attacks. Employees are able to read the contents of electronic documents within the commercial network without any problems, so the risk of unauthorized disclosure to third parties remains. The use of cryptography is an integral part of the functionality of every complex security system.

Personnel control

While hardware is easy to control, personnel are one of the most dangerous sources of leakage. The human factor is always present, and even security personnel cannot always determine which employee may pose a threat.

As a rule, the search for an intruder among the staff is carried out already when the first cases of data transmission to competitors became known. Security administrators check the possibility of interception of information through technical leakage channels, and if all channels are reliably protected, the suspicion falls on workers.

The activities of the organization's employees are monitored using time tracking systems. This is a hardware and software complex that documents the exact time of arrival at work, the time of leaving and the activities of personnel at the computer, records corporate mail correspondence, conducts video surveillance and transmits all this data to the company's management or the head of the security department. All the information received is then analyzed, and the employees who could have spread commercial secrets are identified.

Norms for documenting and transferring trade secrets

Protect not only electronic documents, but also all printed documents that contain classified information. According to the Law on the storage and processing of statements that contain commercial secrets, the following requirements must be met:

  • Store all documents with trade secrets exclusively in separate closed rooms, which are guarded around the clock by video surveillance systems or security guards.
  • Only employees who need it in the course of work can have access to official secrets.
  • A record of the withdrawal of a document from the archive is entered into the registration log. The exact date, stamp of the document and the initials of the person who received the copy of the file are indicated. Similar actions are performed when returning an object.
  • A document that contains a trade secret cannot be taken out of the office without notifying the head of the security department about this action.
  • For the transfer of secret documents between the branches of the enterprise, courier mail is used - a secure courier transfer of documents of particular importance.

16.12.2020
