Monday 5 November 2012

Can You Afford to Let Your Data Leak?

In the digital age Data Leakage is becoming an increasingly prominent issue. In recent years, groups such as Anonymous and Lulzsec have attacked organisations’ data in attempts to cause denial of service and retrieve private and sensitive information.  There have also been incidents of personal data stored on mobile devices being lost or stolen.  This has led to data protection becoming a hot topic for concern, but keeping data secure can seem to be an unending task and possibly an expensive one.


An increasing amount of devices are becoming essential within a business in order to maintain a high level of security.  For example Firewalls, IDP systems and Proxy servers are now generally considered vital components in keeping a network secure. However, with even mid-range devices costing thousands of pounds, not everyone has the resources to spend whatever it takes to keep information safe.  Furthermore, ensuring that these endpoint security devices are configured appropriately can be a mighty task, especially in large complex networks. All it takes is one ACL rule to allow access to somewhere that it shouldn't and malicious parties will have the opportunity to attack, even with the most expensive and complex of Firewalls. Therefore the management of these devices can also be costly and time consuming, however managing the impact of human involvement on your data security is one way of reducing leakage risks without having a huge impact on your budget.


Keeping control of what information is received and sent or taken locally is extremely important.  Whilst many Data Breaches can occur on a purely accidental level, as a result of someone unknowingly taking sensitive information away on a mobile device, there can be times when it is the result of a deliberate attack by a rogue employee.  This demonstrates the need for a sufficient user policy regarding the use of portable devices and storage and the consideration that these devices should be disabled from use on systems containing private data.  It would also be prudent to ensure that sensitive data on storage devices, such as backups, is in some way encrypted to minimise the impact of its loss or theft.  Furthermore, the use of network traffic monitoring software and devices could provide you with invaluable information as to the access of confidential material, with many devices creating patterns to notice a change to normal day to day data transfer.


There are multiple ways that an organisation can help prevent Data Leakage and protect themselves against a Data Breach, though it is widely agreed that data security requires a multiple response strategy in order to be effective. The expense associated with network security devices and there maintenance can seem cumbersome, however leaving data open to attack will have a much more severe impact on your organisations’ finances.  However combining device management with less costly methods, such as implementing a thorough user policy and increasing understanding within your workforce surrounding the importance of data security, could dramatically reduce the risk of a Data Breach.


By Edwin Bentley


Cyber Security Team- Titania Ltd

1 comment:

Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.