Countering information leaks

 
Apply for SearchInform DLP TRY NOW

Information leakage is an uncontrolled process of obtaining data by users who are not in the circle of trusted persons and cannot work with classified information. At the enterprise level, the spread and disclosure of trade secrets causes serious losses and a decrease in the level of competitiveness in the market.

The methods of data theft are diverse, therefore, measures to counter information leaks should take into account all possible aspects and form a comprehensive protection system.

Information leak options

The first and main reason for the leakage of any valuable information outside the organization is the human factor. The security service can develop a powerful security system and regularly monitor its work, but at any time an employee can declassify restricted information. Moreover, the ability to immediately identify the attacker is not always there.

The second most common method of theft is eavesdropping and video surveillance. Despite the fact that these two methods of the attacker's operation belong to different leakage channels (acoustic and optical), they stand in the same place in terms of the number of cases of theft. Quite often, information security specialists discover hidden embedded bugs that record sound, or small video cameras. Modern miniature cameras can read and transmit images over long distances, as well as work with sound.

Other possible ways of information leakage:

  • Stealing passwords and other authorization data. An attacker can gain access to employee accounts and steal confidential information through vulnerabilities in an organization's computer networks.
  • Insecure connection. If the company's employees have free access to the Internet, there is always the possibility of data theft through this particular communication channel. We are talking, for example, about letters with viruses that often come to e-mail. Data can be stolen by malicious programs and scripts that are installed on the computer without the user's knowledge.
  • Vulnerability of architectural structures. If secret information is voiced in a room, it can be read using vibroacoustic devices that receive and decode vibration from walls, roofs, windows. As a result, the attacker receives a ready-made audio recording of the conversations of the organization's employees;
  • Common theft. Due to the banal lack of the simplest physical means of protection against information leakage: strong locks, safes, alarms - data can be stolen in the "classical" way, entering the object at night.
  • Theft of flash drives and data discs. If employees take removable storage devices outside the company, the data on the devices must be encrypted with strong security methods, otherwise competitors can easily steal the device and take possession of the secret.
  • Readout of electromagnetic waves and interference. There is such a leakage channel in all rooms where computer equipment is located. It is enough for a hacker to read all the leads at a distance of 150-200 meters in order to decipher them and obtain the necessary information.

All these methods of leakage of protected information are being worked out by the security service of the enterprise. It is necessary to think over and implement a powerful system of countering information leaks to minimize the risk of disclosing secrets.

Organizational leakage control

A comprehensive fight against information theft is always divided into several levels that interact with each other. The main and most important of all the stages is organizational. It is at this level that the necessary documentation, access control rules are created, and employees are assigned the opportunity to work with confidential data.

At the organizational level, they control the implementation of all other stages of protection, document the offenses that have occurred, which makes it possible to identify the fact of a leak as soon as possible.

Often, company leaders prefer to implement exclusively technical means of protection, forgetting about the importance of the organizational stage. However, this approach only increases the risk of confidential information leakage.

Organizational protection includes:

  • formation of a security service - a special department of the company, which will be responsible for keeping secrets and constantly monitoring the levels of protection. It is the work of security specialists that is a key factor in identifying the fact of a leak.
  • creation of a secure office work process, the task of which is to document all cases of processing valuable information, assigning a secrecy stamp to each document, sorting papers by degree of importance, their timely updating, replacement or destruction. This keeps information from being declassified.
  • limiting the number of employees who can access confidential data, as well as constant monitoring of the work of these employees. Competitors often lure employees from one company to themselves in order to find out classified data. The task of the security service is to minimize such risks at the organizational level through conversations, trainings, improving the quality of work, wages and other techniques.

One of the advantages of organizational protection is the low cost compared to installing and maintaining automated systems. Low costs and high efficiency prevent leakage, so organizational measures should be considered first.

Company management should ensure that the same safeguards are implemented in every department and branch, not just at the headquarters. The risk of information leakage occurs in any place where employees work with trade secrets or documents of varying degrees of secrecy.

Leakage control at a technical level

A technical leakage channel is understood to mean all types of information loss that relate to hardware, software and physical resources of the company, including architectural structures or communication lines that go beyond the protected perimeter.

In total, there are four options for stealing data through a technical channel:

  1. Visual observation and information reading

Expressed in real-time surveillance and covert installation of video recording devices in an enterprise that transmit data to an attacker over a wireless network. Information from physical copies of documents or important data that are displayed on a monitor or projector screen can be read.

  1. Theft through acoustic communication

In this case, the theft of classified data occurs by listening to the premises. This is possible thanks to the work of embedded devices or "bugs" that can "listen" to conversations in real time or record and transmit the recording to an attacker.

  1. Electromagnetic radiation, which is emitted by all technical means of information processing

With their help, an attacker can read a large amount of electromagnetic radiation and interference in a short period of time for further decryption. As a result, you can get readable text or a set of binary numbers that are translated into a regular file. It is possible to steal information in this way even at a distance of several hundred meters from the building in which the company's office is located.

  1. Material research

This includes all options for stealing physical copies of documents, for example, when an attacker enters a company building disguised as a courier or janitor. Further, he has every chance of tracking down the moment when one of the employees will work with classified documents. As a result of copying, theft occurs, and this method of theft is very difficult to identify. Material research refers to methods when an attacker goes through the garbage of a company. Very often, this allows you to get details of secret data, if the enterprise does not use methods of permanent destruction of documents using a shredder or other methods.

Effective methods of protection have been developed for each method.

  • Traffic control and network protection

Today all documents in any company are created and processed on a computer. For the convenience of work, all computers are networked and have access to the Internet. Thus, employees can easily transfer documentation to each other or correspond in real time without leaving their workplaces.

An attacker can easily take advantage of the information being transmitted over the network and steal sensitive data. The easiest way to intercept information is through an Internet connection. A virus is installed remotely on the computer of one of the workers, which sends all files and documents to the hacker in the background.

The most common way to install such a virus is via viral mailing lists. It is also not difficult to protect against this method of theft, it is enough to install a powerful licensed antivirus on each computer. In addition, the security service should regularly conduct training with employees in the basics of information security, including a description of threats to the global network and precautions that will protect the computer from spyware.

In addition, security administrators can use special utilities to monitor inbound traffic, which make it easy to distinguish between normal work of an employee and an attempt to install spyware.

You can protect local and global networks that operate in an enterprise by creating secure communication protocols and working with your own server equipment.

  • Cryptography and steganography

The use of cryptography and steganography techniques in a company's computer systems should be monitored by the security service and programmers. The main task of such a protection method is to encrypt secret information for its safe transmission over communication channels. It is recommended to use asymmetric encryption algorithms with two-way key exchange. This approach makes it impossible for an attacker to make any attempt to decrypt intercepted documents and data.

If the enterprise stores a large amount of service information in the cloud, in order to save space on hard drives or for other reasons, it is imperative to use special utilities that encrypt the file before sending it to the cloud.

Full control over the work with classified information is possible thanks to the implementation of DLP systems. DLP, or Data Leak Prevention, allows you to analyze data flows in the protected perimeter.

If an employee who does not have access to confidential data tries to steal it, the system automatically triggers and blocks hacking attempts. The security service or administrator is instantly notified of a documented issue. Also, the DLP system in real time monitors all actions of employees who have the right to work with documents of limited access.

  • Protection of architectural structures

To prevent an attacker from stealing information via a vibroacoustic channel, it is recommended to observe the following security measures:

  • use double or triple glass units that do not allow sound to pass through; install special plugs on the windows to prevent reading vibrations from the glass;
  • to seal walls, floors, roofs; ground radiators and other structures through which information on the vibroacoustic channel can be read;
  • in the office where confidential information is discussed, important meetings and councils are held, exceptionally strong multi-level doors should be installed that completely isolate the leakage of sound waves;
  • use generators of vibroacoustic noise, since it is impossible to read information as a result of noise in the room.

For comprehensive protection of information from leakage through the vibroacoustic channel, you can also use special systems such as "Sonata-AV", "Kamerton-3", "LGSh-304" and others.

  • Simple remedies

Do not forget about the basic means of physical protection of any room: strong locks in each office; an active alarm system that will instantly notify the guard about an attempt by strangers to enter the facility; safes for storing securities.

  • Eavesdropping protection

The use of sound recording bugs is still a common method of secretly obtaining confidential information. For protection, means of noise are used, in which eavesdropping devices cannot record the conversation.

To identify embedded devices, compact automated systems are used that read the perimeter at different frequencies and look for working devices. As a result of scanning, the system begins to emit a characteristic sound in the place where the "bookmark" was found.

Modern wiretapping devices can be in a disabled state and start working only when someone is talking in the room. When turned off, such devices do not have an operating frequency, therefore, you should first start a conversation and simultaneously start the scanning system.

  • Visual-optical means

Optical methods of confidential information leakage include both real-time surveillance and the operation of embedded video cameras.

You can protect yourself from surveillance in simple ways, for example, during important meetings and negotiations, close the windows with blackout curtains or conduct all secret events in a room without windows. It should be noted that the monitors of computers in the office are not turned to the window, otherwise an attacker can easily monitor and find out confidential data.

As in the case of wiretapping devices, automated systems are used to identify embedded video cameras. The use of a thermal imager will be effective, because the camera generates heat during operation, so that the thermal imager can easily detect the location of the object, even if it is installed in walls and other closed structures.

16.12.2020