Data leaks don’t get as much press as data breaches — but they can be just as devastating to your business. In this article, you’ll learn how data leaks happen and the key steps to take to defend your organization.
What is a data leak? How does it differ from a data breach?
A data breach occurs when an attacker from outside your organization gets into your IT ecosystem and steals private or sensitive information.
Data leakage, in contrast, happens from the inside out: Someone inside the organization shares confidential data with unauthorized recipients, or leaves a gap that enables that information to be easily accessed by people who shouldn’t see it. Either action could be accidental or deliberate.
Like a data breach, a data leak can have multiple unpleasant consequences. It can result in lawsuits from the people whose data was exposed, penalties from regulatory agencies, and damage to your business reputation and bottom line.
What types of data can be leaked?
Most of the data that your organization stores is not intended to be available to just anyone, and it can therefore be improperly shared or accessed. Examples include:
- Trade secrets
- Source code
- Inventory information
- Research data
- Customer data (personal data, personal health information)
- Employee data (personal data, financial information, usernames & passwords)
How do data leaks happen?
Here are three of the most common causes of data leaks.
Misconfigurations by IT pros
In 2020, organizations around the globe rapidly transitioned to remote work. But when workers access proprietary tools and databases from home, any misconfiguration can put the data at risk. In fact, 60% of companies reported finding new security gaps because of the transition to remote work, according to the Netwrix 2020 Cyber Threats Report.
Even industry-leading organizations have misconfigured systems in a way that left content vulnerable to data leakage. For example, Microsoft misconfigured security rules for a customer support case database, which left sensitive data exposed.
Malicious or careless business users
Data leaks can also be caused by malicious or careless employees who are not IT pros. Forrester predicts that 33% of data breaches in 2021 will be caused by insider incidents — an increase from 25% in 2020. The company cites remote work as the reason for the uptick.
For example, Tesla found that a Quality Assurance software engineer stole thousands of files containing trade secrets by transferring them to a personal Dropbox account. Multiple healthcare providers have experienced data leaks due to protected health information being accidentally sent to improper email recipients.
System or software issues
System or software issues are another common cause of data leakage. For example, a software error in a Danish government tax portal exposed the tax ID numbers of 1.26 million Danish citizens over a period of five years. Each time a taxpayer updated their account details, an identifying number would be added to the page’s URL, which would then be collected by Adobe and Google, which were running analytics on the site.
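A leak of this kind can be caught by scrubbing the page URL before it is handed to any third-party analytics script. The following is an added example, not code from the portal or from Netwrix; the parameter names, the ten-digit ID pattern and the `tax.example` URL are assumptions constructed for illustration.

```javascript
// Added example. Patterns and names below are assumptions, not the portal's format.

// Parameter names that should never leave the site (hypothetical list).
const SENSITIVE_PARAMS = new Set(["taxid", "cpr", "ssn", "email", "token"]);

// Value shapes treated as identifiers (constructed): ten digits, optionally
// written 6-4 like a national ID number, and e-mail addresses.
const VALUE_PATTERNS = [
  { kind: "id-number", re: /^\d{6}-?\d{4}$/ },
  { kind: "email", re: /^[^@\s]+@[^@\s]+\.[^@\s]+$/ },
];

function safeDecode(text) {
  try { return decodeURIComponent(text); } catch { return text; } // malformed %-escape
}

function classify(value) {
  const hit = VALUE_PATTERNS.find((p) => p.re.test(value));
  return hit ? hit.kind : null;
}

// Returns the URL that is safe to report plus a list of what was removed.
function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];

  // Path segments, e.g. /account/<id>/edit
  url.pathname = url.pathname.split("/").map((segment) => {
    const kind = classify(safeDecode(segment));
    if (!kind) return segment;
    findings.push({ where: "path", kind });
    return "REDACTED";
  }).join("/");

  // Query string: flag by parameter name first, then by value shape.
  const clean = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    const kind = SENSITIVE_PARAMS.has(key.toLowerCase()) ? "sensitive-param" : classify(value);
    if (kind) findings.push({ where: `query:${key}`, kind });
    clean.append(key, kind ? "REDACTED" : value);
  }
  url.search = clean.toString();
  url.hash = ""; // fragments are not needed for page-view analytics
  return { url: url.toString(), findings };
}

// Constructed sample input.
const sample = "https://tax.example/account/010170-1234/edit?step=2&email=a%40b.dk#top";
console.log(scrubUrl(sample));
```

Any ten-digit value is redacted, so the check fails closed; a non-empty `findings` list is also a signal that a page is putting identifiers into its URLs and should be fixed at the source.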
How to Prevent Data Leaks
These five steps will help you strengthen security and prevent data leak problems:
- Classify your data according to its value and sensitivity.
The first step in preventing data leaks is to know which data can be freely shared, and exactly who should be allowed to access the other data you store. Using data discovery and classification, you can organize all your data into categories so you can protect it appropriately.
- Proactively identify and mitigate IT risks.
You won’t know where you’re most vulnerable unless you regularly assess your risks. To implement effective risk assessment and risk management, consider using an industry standard like the assessment framework from the National Institute of Standards and Technology (NIST). The NIST SP 800-30 document lays out the procedures for the assessment.
- Protect your data according to its value and sensitivity.
Next, deploy the right security controls. The NIST 800-53 standard can help you choose appropriate controls. Best practices include:
  - Identity and access management (IAM), a framework that helps businesses implement and manage policies for access to sensitive information
  - Encryption, which is the process of encoding data so that it cannot be read even if it falls into the wrong hands
  - Data access governance, which includes applying the principle of least privilege to ensure that users have only the access permissions they need to do their jobs
  - Change management and auditing, which can help you avoid misconfigurations and other security gaps
  - User and entity behavior analytics (UEBA), which helps you spot unusual activity that could lead to a data leak
- Train all employees on security awareness.
The Netwrix 2020 Cyber Threats Report showed that 58% of companies are worried that their employees will ignore security rules, putting data at risk. To reduce the risk of costly mistakes, perform security training for all employees, including executives, on a regular basis.
- Enable timely detection.
Detecting improper activity promptly can help you avoid or reduce the scope of a data leak. For example, alerts on changes to critical configuration parameters can enable you to immediately close a security gap, and spotting a user copying sensitive data to a local machine can enable you to intervene before the machine leaves the premises.
- Be ready to recover.
Finally, a process must be put in place to recover any content that is lost in a data leak. Be sure to implement and test a thorough recovery plan for all important data.
How Netwrix can help you prevent data leaks
The Netwrix Data Security Platform can help you prevent data leaks. It provides all of the following essential capabilities:
- Automated data classification — Accurately identify and tag sensitive information across a wide range of on-prem and cloud-based data sources.
- IT risk assessment — Understand, prioritize and mitigate your IT-related risks.
- IT auditing — Detect threats, improve compliance and increase operational efficiency.
- User behavior analytics — Spot abnormal behavior before it leads to a data leak.
- What is data leakage?
Data leakage occurs when sensitive information is shared with an unauthorized user, whether inside or outside of the organization.
- What are the main causes of data leakage?
Common causes of data leakage include misconfigurations, deliberate or accidental actions by insiders, and system errors.
- What are some effective ways to prevent data leakage?
To prevent data leaks, it’s important to classify your data, identify your risks, put the right practices in place to protect data, increase security awareness, enable fast incident detection and create a recovery plan.
- What is the most common cause of data leakage today?
The rapid shift to remote work dramatically increased the risk of data leakage. 85% of CISOs surveyed in the Netwrix 2020 Cyber Threats Report said they sacrificed cybersecurity in order to quickly enable employees to work remotely.