Plugging data leaks in the work from anywhere era

Data leaks don’t make the headlines as often as data breaches, yet often have the same devastating impact on a business. It is therefore essential that organisations know how data leaks occur, and the main steps needed to protect themselves from it.

A data breach is defined as an external attacker entering an IT ecosystem and stealing private or sensitive information. Conversely, data leakage occurs from an inside threat: a person within the company shares confidential information with unauthorised recipients, or creates a breach that allows individuals who should not have access to easily access this information. Both actions can be deliberate or – arguably even more frightening – accidental.

Like a data breach, a leak has widespread consequences. In particular, it can result in legal prosecutions by those who’s data has been exposed, sanctions by the Information Commissioner’s Office, and on top of this, damage to the reputation of the business resulting in loss of sales.

Addressing the issue of data leakage from the cloud

Paolo Passeri, cyber intelligence principal at Netskope, talks about the issue of data leakage within the cloud. Read here

Rooting out the cause

In 2020, organisations around the world quickly switched to remote working. But when employees access proprietary tools and databases from home, even the slightest misconfiguration can put data at risk. In fact, 60% of companies say they discovered new security vulnerabilities as a result of the transition to a working from anywhere model, according to Netwrix research.

Data leaks can also be caused by malicious employees, or basic negligence due to a lack of IT and cyber risks knowledge. According to Forrester‘s forecast, 33% of data security incidents in 2021 will be attributable to employee-related incidents, which is an increase from the 25% recorded in 2020. Remote working is cited as the reason for this increase. For example, Tesla discovered that a QA software engineer had stolen thousands of files containing trade secrets by uploading them to a private Dropbox account. Many healthcare providers have also recently become victims of data breaches, both due to increased cyber attacks on the industry but also stress factors leading to increased accidental leaks of protected health information to unauthorised recipients.

Underneath the human factor, fundamental system or software issues are the other main cause of data leaks. For example, in 2020, millions of hotel customers’ details were potentially exposed after a software company Prestige Software improperly stored sensitive data. The system, used by and Expedia, had been incorrectly storing years’ worth of data from hotel guests and travel agents as far back as 2013 – with details including credit card and CVV numbers, full names, addresses and ID numbers leaked.

Not all data is created equal

There are obvious company data assets that are made readily available to the public – such as press releases issued by the organisation, descriptions of products or services, and the website’s privacy policy. However, most of the data stored by an organisation is not intended to be accessible to everyone, and therefore would only be shared or accessed inappropriately. These include business details, inventory information, intellectual property (depending on the industry, these could include blueprints, chemical formulas, or even recipes), customer data (personal data, personal health information), or employee data (personal data, financial information, usernames and passwords).

The first step in preventing data leaks is to identify what data can be freely shared and determine precisely who is allowed to access all of the other information a company might store. By using data discovery and classification, a business can organise all of its data accordingly into appropriate categories, in order to adequately protect it. By making the effort to identify sensitive data and access levels across the organisation, businesses can correctly prioritise and focus their security efforts on what matters most.

What every healthcare technology leader needs to know about cloud data and security

With the explosion of new data-capturing devices in healthcare and the rapid move to the cloud, we explore what healthcare technology leaders need to know about cloud data and security. Read here

Reinforcing protection

Next, the appropriate security controls should be deployed. For resource and time starved businesses, the priorities to be deployed include:

  • Identity and Access Management (IAM), a framework that allows companies to implement and manage policies for accessing sensitive information, which can incorporate Privileged Access Management, which defines and controls the administrative role of admin users;
  • Encryption, which involves encoding data so that it cannot be read even if it falls into the wrong hands;
  • Data access governance, which applies the “principle of least privileged” to ensure that users only have the access permissions they need to do their jobs;
  • Change management and auditing, which can help prevent configuration errors and other security vulnerabilities;
  • User and Entity Behaviour Analysis (UEBA), which identifies unusual activities that could eventually that could lead to a data leak.

Comprehensive programmes

Raising security awareness among all employees – from junior members of staff to the CEO – should also be a central part of any organisation’s cyber security strategy. Especially in today’s work from anywhere era, not knowing the security rules leads to a high risk of compromise.

To reduce potentially costly mistakes, security awareness programmes which could include training employees, and raising and onboarding security champions across all business units to scale the efforts of IT security team is key. Detecting irregular activity early can also help prevent or reduce a data leaks and breaches, backed up with the right systems. For example, alerts on changes to critical configuration settings can help immediately correct a security breach, and spotting a user who is copying sensitive data to a local machine allows for action before the machine leaves the premises.

Finally, there should be a clear process in place to recover any content lost during a data leak. This requires establishing and testing a comprehensive recovery plan for all important information. A few simple steps can go a long way in protecting data from being leaked out of your organisation.

Written by Ilia Sotnikov, security strategist and vice-president, user experience at Netwrix

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at