Data Leakage
Introduction
Data leakage entails transmitting data or information from an enterprise to an external recipient in an unauthorized manner. In the course of business transactions, sensitive information is likely to be transferred to people who should not have access to it. Data may also be shared with business partners, which exposes the data or information to the risk of inappropriate use. It is essential that incidents that can lead to data leakage be identified and addressed appropriately, so that an organization’s confidential or sensitive data does not reach unintended recipients. Firms need to adopt a more data-centric approach to protecting their critical data so that they can safeguard the integrity of the data.
How Data Leakage Occurs in Organizations
Data leaks through the misuse of data within organizations or through vulnerabilities present in the hardware, platforms or software in use. When information in a database is not adequately protected by security mechanisms, it is prone to finding its way to unauthorized parties. Sometimes database administrators carelessly store password files without proper security enhancements, making it possible for third parties to access the password file, which they can then use to accomplish their ill motives in a company’s information systems. Data leakage can also occur as a result of a user accidentally deleting a given file or data. Sometimes updates are made to the data without first understanding how the update will affect it.
The employees of an organization may also lack enough training on how they should handle emails from unknown parties. Because of that lack of knowledge, they open emails from sources of which they are not aware, thus resulting in data leakage. When a person downloads software from the Web and installs it, and the software contains malware while the user’s machine has no anti-malware software installed, data leakage occurs. Data leakage can also take place when devices holding sensitive information are stolen. Another way that data leakage occurs is via non-technical methods such as shoulder surfing, which allow persons to access an enterprise's network directly.
Common Causes of Data Leakage
1. Theft of Computers
The theft of computers or other devices that hold sensitive data is one of the common causes of data leakage. When one leaves a computer or other device unattended, another person with ill intentions can take advantage and steal the computer, sensitive data or both (Filkins & Radcliff, 2008). The problem is heightened when there is no proper backup of the data that has been lost.
2. Cyber Terrorism
Cyber terrorism is another common cause of data leakage. Modern terrorists are leveraging the loopholes present in a company’s information system to steal sensitive data from companies. The dependence of organizations and societies on information technology has in turn created a form of vulnerability that gives terrorists a chance to approach targets such as banking and financial systems (Kamaresan, 2014). There have been reports of organized crime in which the attackers approach private companies and steal vital data or assets that contain crucial data.
3. Manipulation
The other common cause of data leakage is the case whereby criminals manipulate the employees of an organization into providing them with the sensitive data that they want to access in the organization. Those criminals normally approach the staff who work on the sensitive data systems. Sometimes employees can also be tricked into providing vital information without knowing that they are giving it to somebody with ill intentions.
How to Prevent Data Leakage
Handle Data According to Culture and Classification
The environment can influence the way data is handled. Stemming data leakage starts with an understanding of the type and form of critical information, its location, and the way the information flows within an organization (Anjali et al., 2013). That should then be followed by a data map that takes into consideration the data at rest and in transit. Knowing the actual picture of the enterprise's data helps in figuring out how that information should be handled and how leakage can be mitigated (Khan, 2013).
Design a Training Program for Employees
A firm should ensure there is a properly designed employee training program for educating the workers on patterns of prevention and developing the needed awareness (Khan, 2013). That awareness pertains to the identification of sensitive data, the transfer of the same through email, information management and snail mail (Anjali et al., 2013). The workers should understand the value of data, including the way they should handle it, so that leakage is eliminated or minimized.
Implementation of Controls for Detecting and Preventing Data Leakage
An organization should be sure to set controls that can enforce data leakage procedures, policies and best practices (Kamaresan, 2014). Those controls may be administrative, physical or technical. They should be integrated with the proper data security tools so as to make the prevention as comprehensive as possible. There should be controls at the perimeter level, such as outbound filtering, audit, and encryption, so as to prevent unauthorized e-mailing, backing up, or downloading of applications (Khan, 2013).
References
Filkins, B. & Radcliff, D. (2008). Data leakage landscape: where data leaks and how next generation tools apply. SANS whitepaper.
Anjali, B., Geetanjalila, R., Shivlila, P., Swati, S. & Kadu, N. (2013). Data leakage detection. European Journal of Computer Science and Information Technology, 1(1), 1-10.
Kamaresan, N. (2014). Key Considerations in Protecting Sensitive Data Leakage Using Data Loss Prevention Tools. ISACA Journal, 1.
Khan, K. M. (2013). Developing and evaluating security-aware software systems. Hershey, Pa: Information Science Reference.
ISCTCS (Conference), In Lu, Y., In Wu, X., & In Zhang, X. (2015). Trustworthy computing and services: International Conference, ISCTCS 2014, Beijing, China.
Sherry Roberts is the author of this paper and a senior editor at MeldaResearch.Com.