Protecting Your Company From Data Leaks

Data leaks due to hacking, skimming, and phishing has not been prevalent until recent years. According to this info-graph from Cyberscout, the number of data leaks doubled from 2015 to 2016. This is most likely due to a shift from hackers using plan email phishing methods to spear phishing. The difference between the two is substantial. Spear phishing takes a lot of time and knowledge about an organization and human psychology. But the time investment pays off because the success rate of spear phishing is very high. You will see these attacks in news as CEO Fraud or Social Engineering. To prevent this, you need to train your team to identify such things and to verify requests through the phone.

Insider Theft

In the past, insider theft of corporate data was a big problem. In 2008, there were over 100 recorded incidents. That number dropped to 85 in 2009. That was attributed to system administrators revoking privileges from users and former employees. In 2013, there is a resurgence of data leaks due to insider theft. This is most likely due to the emergence of the cloud and companies trying to take advantage of it without knowing how to fully implement it. Even today, there are reports of former employees that can access their former employer’s cloud files. Make a checklist of software and to-dos for when an employee leaves your company.

Weak Corporate Internet Security

Business Internet Security, or business IT security in general, is probably one of the most important parts of protecting your company from data leaks. The number of data leaks due to weak corporate internet security decreased from 2008 to 2012. Since 2012, it has seen a dramatic increase. Like insider theft, it seems to be involving cloud services and online storage of files. The problem with the cloud is if you misconfigure it, the database is wide open to anyone. Misconfiguring Amazon Web Services (AWS) buckets have been the most common source of data leaks in recent news.

Lost or Stolen Devices

This is probably the only category that has seen a decrease from 2008 until now. Although the number of data leaks has decreased, this doesn’t mean you should ignore it. If an employee loses a laptop or has it stolen, the data on that device goes with it. It’s important to have a way to wipe that device or at least wipe corporate data. There are many ways to do this these days. Most, if not all, fit with businesses that provide devices for their employees or have a Bring Your Own Device (BYOD) Policy.

Leak by Outside Vendor

This is one that is the least controllable by businesses. Often times, industry exclusive software is limited to 1 or 2 different providers. If that provider becomes lax on its own internal security, it hurts you in the end. Often times, the leak takes credentials from the outside vendor like Yahoo. In these cases, it’s important to have strong password practices and two-factor authentication wherever possible.

As a small business owner, researching all of this and implementing it is a daunting task. Business Data Services does this on a daily basis with companies all over the Kansas City Metro Area. When you work with us, you’ll find you have more time to focus on the growth of your company and spend less time worrying about technology. Let us help protect your company’s data so you don’t end up on the local news! Call us today at 913-239-0368 to learn more.

Leave a Reply

Your email address will not be published. Required fields are marked *