How to avoid information leakage

 

Access to other people's information gives a significant competitive advantage. Leaks of critical information lead to large financial losses and damage business reputation, so enterprises and organizations of any size, form of ownership and type of activity strive to prevent them. Here are a few general guidelines on how to secure your company's information space.

What is the danger of information leakage

The competitors of General Electric Corporation, the largest US manufacturer of equipment, stole innovative developments and launched their own products based on them. General Electric suffered huge losses due to leakage of classified information. This is an obvious example of direct damage from information loss.

In addition to material damage, data leakage harms the reputation of the affected company. As a result, profitable contracts are canceled, customers are lost, and qualified employees leave en masse.

Calculations by Ponemon Institute experts showed that company losses from information leaks in the UK alone amounted to 1 million 700 thousand pounds. The risk of suffering from information theft is high for businesses in any country, regardless of the state of the economy, the level of technology development and other factors.

Information leakage caused by employees, or internal risks

The damage caused to companies by their own employees is many times greater than the damage from hacker attacks. To prevent information leakage due to negligence, accidental or deliberate actions of personnel, a set of protective measures must be implemented at different levels. The difficulty is that the risk group includes every employee of the company: an ordinary specialist and a top manager alike can turn out to be an insider. Identifying and "neutralizing" potential violators is the main task of the security service.

In the most general form, information leaks are divided into intentional, when an employee deliberately transfers confidential information to unauthorized persons, and unintentional, when the leak occurs due to the employee's negligence or error.

How to deal with leaks

According to the Data Breach Investigation Report, only 10% of workers are guilty of leaks. But even with such a narrow "circle of suspects", it can be difficult to determine who violated the information security rules. Special tools and methods are used to combat information theft, and they are broadly divided into two categories depending on their goals.

  1. Search for anomalies in personnel actions

Every day, employees follow a habitual routine. A sudden change in an employee's behavior indicates a risk of leakage. This can be compared to the fraud detection scheme used by banks. If a client lives in Russia and regularly pays by card in Russian stores, a cash withdrawal from that card in Australia will be regarded as suspicious, the operation will be blocked, and the bank's security service will be alerted.

  2. Equipment protection

The second group of methods for dealing with data breaches is aimed at detecting vulnerable processes in the company. The critical points of an organization's work where information theft can occur cannot be found with a simple algorithm; a systematic analysis is required. Simple measures can help protect information and strengthen corporate security.

  • Installation of anti-virus programs. Malicious programs, spyware and ransomware destroy data, corrupt files, and give attackers access to passwords and codes. Recovering lost information costs more than a licensed antivirus, so you shouldn't skimp on security solutions. Pirated copies do not guarantee adequate performance or full protection, and without current updates a new modification of a virus will not be detected in time.
  • Using a firewall. A firewall inspects traffic entering and leaving the corporate network against its rules and decides whether to pass or block it when a security policy is violated. In this way the firewall prevents unauthorized access to information in good time.
  • Improving user skills. Training courses for employees, explanations of why it is risky to download files from unknown addresses, publish information on third-party resources or install unverified software, and other educational measures will help prevent information loss caused by employee ignorance.
  • Strict differentiation of personnel access to databases and the Internet. The measure includes blocking the autorun of applications from external media and the launch of executable files downloaded from the Internet; configuring the firewall and antivirus; and tracking the movement of public files within the corporate network.
  • Systematic software updates. Timely installation of updates on workstations, updating servers, and checking and "cleaning" shared resources will protect sensitive information from leakage.

Adjusting business processes, identifying potential insiders and strengthening control over the actions of personnel will, taken together, help reduce the likelihood of information leakage.
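The search for anomalies in personnel actions described above comes down to comparing today's behavior with each employee's own baseline. The sketch below is an added example, not code from SearchInform or any DLP product; the sample volumes, thresholds and function names are constructed assumptions.

```python
from statistics import median

# Constructed sample: megabytes each employee sent outside the network per day.
HISTORY = {
    "alice": [12, 15, 9, 14, 11, 13, 10, 12, 16, 11],
    "bob":   [0, 0, 0, 0, 0, 0, 0, 0, 0, 0],   # never sends anything out
    "carol": [40, 35],                          # too new to have a baseline
}
TODAY = {"alice": 14, "bob": 25, "carol": 900, "dave": 5}

MIN_DAYS = 5       # assumption: days of history needed before scoring
THRESHOLD = 3.5    # assumption: cut-off for the robust z-score
MAD_FLOOR = 1.0    # keeps a perfectly regular baseline from dividing by zero


def robust_score(history, value):
    """Distance of value from the median, in units of median absolute deviation."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return 0.6745 * (value - med) / max(mad, MAD_FLOOR)


def review(history, today):
    """Label each employee's activity today against their own past behavior."""
    result = {}
    for user, value in today.items():
        past = history.get(user, [])
        if len(past) < MIN_DAYS:
            # No reliable baseline: route to manual review instead of guessing.
            result[user] = "no-baseline"
        elif robust_score(past, value) > THRESHOLD:
            # Only unusually large transfers are flagged, not quiet days.
            result[user] = "anomaly"
        else:
            result[user] = "normal"
    return result


if __name__ == "__main__":
    for user, label in review(HISTORY, TODAY).items():
        print(f"{user}: {TODAY[user]} MB -> {label}")
```

The median and MAD are used instead of the mean and standard deviation so that one earlier spike in the history does not widen the baseline and hide the next one.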

DLP system - comprehensive protection against information leakage

The main working tool for combating theft of confidential information is DLP (Data Leak Prevention) systems, which prevent data leaks. DLP solutions for protecting corporate information are used by half of foreign and Russian companies, although the approach to DLP implementation differs.

DLP systems provide a secure information space in which incoming and outgoing traffic is monitored and analyzed. Modern DLP complexes control the transfer of files via Internet protocols, external media, mobile devices, Bluetooth connections and printing.

To make it easier to monitor confidential documents in controlled traffic, several methods are used, for example marking documents or analyzing the content of documents. Information security practitioners prefer the second method, because converting a file to another format breaks the document marking.

Thus, the results of the security service's work, and hence the safety of classified information, depend directly not only on the stable operation of equipment and software, but also on the qualifications of employees.
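Why content analysis survives a format conversion that destroys a marking can be shown with word-shingle fingerprints. This is an added example, not how any particular DLP product works; the marking string, the sample texts and the function names are constructed assumptions.

```python
import hashlib
import re

MARK = "X-Classification: CONFIDENTIAL"   # hypothetical document marking
BODY = ("The 2021 pricing model for project Aurora sets the wholesale margin "
        "at eleven percent and the launch date in March.")

ORIGINAL = MARK + "\n\n" + BODY                             # marked file
CONVERTED = "fwd: notes\n" + BODY.upper().replace(" ", "  ")  # pasted as text
UNRELATED = "Lunch menu for the office canteen this week includes soup and salad."


def has_marking(text):
    """Marking-based check: only works while the label travels with the file."""
    return MARK in text


def shingles(text, k=4):
    """Hashes of every run of k consecutive words, ignoring case and layout."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


PROTECTED = shingles(BODY)   # fingerprint stored when the document is registered


def containment(outgoing_text):
    """Share of the protected document's shingles found in outgoing text."""
    if not PROTECTED:
        return 0.0
    return len(PROTECTED & shingles(outgoing_text)) / len(PROTECTED)


if __name__ == "__main__":
    for name, text in [("original", ORIGINAL), ("converted", CONVERTED),
                       ("unrelated", UNRELATED)]:
        print(f"{name}: marking={has_marking(text)} "
              f"content match={containment(text):.2f}")
```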

16.12.2020