Employees all over the world are utilizing business networks for communication, collaboration as well as accessing data. In most cases businesses are eager to enhance their productivity and have consequently resulted in them embracing the growing integration of networks for communications as well as business operations. Additionally, they have motivated their employees to take advantage of different technologies as wireless devices as well as public hotspots (Prakash & Singaravel, 2015).Although productivity is booming, network based collaborations are resulting in the introduction of the corporate data into the wider environment that is vulnerable as well as difficult to protect.
How Does Data Leakage Occur in an Organization?
The various ways in which organizations thus suffer from data leakage include the removing, transferring or sending via email, post mail, file transfer, webmail or instant messaging of sensitive data. The lax and improper as well as missing access controls to the systems that contain the sensitive information from the back-end databases as well as servers to the mobile computers are the additional sources of data leakage. The lost or stolen computers, mobile devices and laptops that have sensitive data that has not been encrypted; portable storage devices as well as hard disks, paper files as well as backup devices (Kim, Kim & Chung, 2015). Insecure transmission of data that is personally identifiable as well as any other data that is restricted. The authorized insider abuse of databases, as well as other backend database systems, is a source of data leakage. Insecure as well as the improper destruction of information entailing both the physical locations as the dumpsters and electronic media entailing the laptops as well as backups additionally expose the organization to data leakage (Prakash & Singaravel, 2015). The failure to have a policy emphasizing on the separation of duties as well as access encourage the data leakage as unauthorized individuals access the confidential data they should not be accessing.
What are the common causes of this problem?
The common causes the data leakage problem is an organization that does not have reliable policies that enhance the separation of duties. The outcome is this is that unauthorized employees with malicious intentions leak the data to the competitors and on other occasions sell the data. The loss of mobile devices that do not encryption is additionally a common way of data leakage as the individual who has the device can access confidential information such as emails. Failing to undertake the assessment and classification of the data that the organization has regarding its sensitivity and protecting it appropriate make it possible for unauthorized individuals to access confidential data that they should not be accessing. Poor destruction of the sensitive information is the additional common form of data leakage as the sensitive that is poorly destroyed is gets in the hands of an individual who does not have the authority to access (Kim, Kim & Chung, 2015). The lack of awareness among the employees on the fact that their behavior could be exposing the organization to a data leakage risk is additionally a common issue that raises the challenge data leakage in the organization. Additional common causes of data leakage in an organization include failure to log off computer, failing to protect passwords, gaining access to sites that are not authorized, poor physical and logical access controls as well as filing to implement remote access controls.
How Would Use Address this Troublesome Trend?
The various strategies that are applicable in dealing with the data leakage challenges include ensuring that that there is the handling of data regarding the classification as well as culture. The main attribute informing this assertion is that the environment has an impact on the manner in which an organization handles its data. For the organization to be able to deal with the leakage data challenge, they should be aware of both the type as well as the form of the sensitive information, its location and most significantly its flow in the organization. The organization should identify the areas that are most susceptible to data leaks and institute measures to deal with the areas (Prakash & Singaravel, 2015). The organization needs also to develop employee training programs emphasizing on experience. In designing the employee training programs, it should educate the employees on the prevention patterns and additionally develop need self-awareness. In this case, the employees will be able to comprehend the value of the data as well as the means of confiscating and handling it effectively during storage as well as transport on the physical media and devices (Kim, Kim & Chung, 2015).
Developing controls for the detection as well as prevention strategies via developing controls and consequently assigning enforcement responsibilities of the data leakage policies, procedures as well as best practices (Zilberman, Katz, Shabtai, & Elovici, 2013). Developing a holistic security environment such as an implementation of encryption that supports enforcements will be applicable in almost all areas such as from the e-mails to USB drives. Integration of data lifecycle management attributes the additional interventions that should encompass securing data expiration as well as storage (Kim, Kim & Chung, 2015).). Undertaking adaptations to the current changes is imperative for the organization as there are constant changes in the environment making it necessary for the organization to monitor and adapt to the changes accordingly. These changes will additionally center on the adoption of the regular security monitoring programs beyond the normal events that occur within the organization
Kim, S., Kim, N., & Chung, T. (2015). Study on sensitive information leakage vulnerability modeling. Kybernetes, 44(1), 77-88. doi:10.1108/K-05-2014-0106
Prakash, M., & Singaravel, G. (2015). An approach for prevention of privacy breach and information leakage in sensitive data mining. Computers & Electrical Engineering, 45134-140. doi:10.1016/j.compeleceng.2015.01.016
Zilberman, P., Katz, G., Shabtai, A., & Elovici, Y. (2013). Analyzing group E-mail exchange to detect data leakage. Journal Of The American Society For Information Science & Technology, 64(9), 1780-1790. doi:10.1002/asi.22886