Data Leakage Solutions
One of the most debilitating IT headaches strikes when confidential data leaks out of the company’s network and falls into the hands of malicious users (Data Leakage).
No matter how robust your technology is, or how intuitive your detection systems are, restricted data somehow manages to seep through the least guarded nooks and crannies of the enterprise, i.e. your users!
Experts have said that the usual and most overlooked sources of data leakage are slapdash database privileges, e-mail, and slipshod security policies. Data is stored in containers like liquid. The term data leakage is appropriate as it contextualises how the phenomenon occurs.
Some data flows from place to place in conduits (networks or VPN links) like water in pipes, and this too is prone to leakage. In this scenario the data leaks near the tap, on the computer where the data is processed and transmitted from. It is also possible for the pipe/network to be tapped/sniffed, again resulting in data leakage.
The counter to these vulnerabilities is encryption.
Solutions from Vormetric and Sophos can help in keeping information that is being transmitted or stored secure. Liquid can also be carried in buckets; data similarly can be transported on laptops, mobile phones, USB devices, memory sticks, tapes, etc. These buckets can have holes or can lack access control solutions to stop people from taking water out of the bucket. These technical controls can come in the form of encryption or strong access controls.
In this day and age strong encryption is highly recommended, as most access controls are easy to bypass with tools available on the Internet.
Other potential data leakage points are remote access solutions, instant messaging clients, email, printouts and intruder attacks. Even a glass window in a skyscraper, which someone can peer through with a telescope from a vantage point in another building, can result in data theft.
Do not rule these types of attacks out. Although they sound far-fetched and low-tech, they do happen.
How do we stop data leakage?
- Encrypt: Encrypting data enables confidentiality; this means that if the data falls into unauthorised hands the data is unreadable.
- Require two-factor authentication: Passwords have become too weak; two-factor authentication is becoming more necessary as our lives become more digital. Think about the worth of your digital identity.
- Encrypt communication: If you do not want others to hear what you are saying, change the way you speak. Encrypting communications is not a new technique – it was used even in the times of the Romans. Rest assured, if you are not interested in the security of your communications, there are many unscrupulous people that are.
- Protect your keys: This is very important and should be the number one concern. Access to keys = Access to data. Your keys need to be stored in a secure manner. Just as with the key to your home, it is good to have a second set of keys stored away in a secure location, so that if the first set is destroyed you can securely retrieve the second.
- Back up your data in a secure way: Data storage and data backup need to be performed in a secure way. It is important that data is accessible, and the ability to restore is paramount; in parallel, it is also important that such data is kept in a confidential form and that unauthorised users are not able to read or manipulate it.
- Protect the end point: Most users are not bad, but they do make mistakes, which is why protecting the end point, i.e. the PC, is important. Here we are concerned not only with what the user does with data but also with what they type, as they might be going to sites which are dangerous to the company. It is often thought that content scanning solves this, but be aware that there are many proxy sites which give legitimate access to the internet but really take the user to another site. So what someone types is not necessarily what is on the screen.
At Digital Pathways we deal with this problem every day and have built a methodology which addresses many of these issues by deploying technology and educating users and system administrators in best-practice strategies which, most importantly, fit in with the company's needs, both business-wise and compliance-wise.
Our approach is to consider the following:
- Identify required access hours
- Specify login credentials and rights
- Disable outside software
- Implement internal auditing / intrusion monitoring applications and use them
- Lock down internal hardware components
- Perform regular audits on security and resources
- Disable USB, FireWire ports and any other external device, or allow only company-issued devices
- Restrict mail size and / or block all attachments
- Disallow use of camera devices within restricted / sensitive areas
- Review system admin privileges both for servers and databases
- Define a Point of Contact policy for questions about the network and its contents
- Execute nondisclosure and confidentiality agreements
- Define chain of command and escalation procedures should an incident be identified
- Ensure that managers as well as users understand the security plans and policies (train and educate)
- Get people involved. The company's data is an asset which everyone has a duty to protect.