Data Leakage and Its Occurrence in an Organization

This paper deals with what exactly data leakage is and common methods on how it occurs in an organization. It also deals with mitigation steps which should be taken to limit these kinds of leakage. The increase in the methods of communication utilized by organizations to communicate both internally and externally has also increased chances of data getting into the hands of people it is not supposed to. According to Papadimitriou and Garcia-Molina (2011), the leakage of data in an organization has always costed organizations millions or billions of dollars either directly or indirectly. Gordon (2007) defines data leakage as the transmission of data/information from within the organization to an external recipient without authorization. The transmission of data/information may be done through physical means or electronically. Usually, the term data leakage is usually used synonymously with information leakage. The term unauthorized in this essay does not necessarily malicious or intentional. The transmission may be unauthorized, but still unintentional. In this essay, I will be discussing how data is leaked in organizations, common causes for data leakage, and how this troublesome trend (data leakage) can be addressed in an organization.

How Data Leakage Occur in an organization

According to Gordon (2007), the best way to formulate method of preventing data leakage is by understanding how data leakage occurs first and by understanding the kind of information that is leaked more commonly today. Publicly disclosed data concerning data leakage breaches indicate that more customer data is usually leaked than any other kind of data. The table below indicates the various categories of data leaked and their respective percentages. Source: Gordon (2007) Data leakage can be categorized into two main categories, that is, internal and external. Gordon states that data compilation done by “PerkinsCoie. com” and “EPIC. org” indicates that most data leakages occur through internal sources. By percentage, 52% of all data security breaches result from internal sources in comparison to the 48% that result from external sources. Out of the 52% data security breaches resulting from internal sources, further research indicates that only 1% is due to malicious/intentional leaking, while the vast majorities, 96%, are caused by unintentional leaking. Unintentional leaking can be deconstructed further to reveal that 46% of unintentional leaking results from employee oversight while 50% result from poor business processes within the organization. Some of the major internal vectors through which data security breaches occur are instant messaging, email, web mail, web logs, malicious web pages, file transfer protocols, storage media, hard copies, cameras, inadequate folder/file protection, and inadequate database security. Personal information of millions of people gets into wrong hands every year in the United States and worldwide. All these factors contribute heavily to loss in data every year, which often leads to severe effects for the business.

As businesses become increasingly distributed, mobile employees broaden the potential risk for data loss. Behaviors such as transferring files from a work device to a home computer that is not protected or maintained to IT's standards, using personal communications that are not as safe as corporate communications, talking about sensitive company matters where others can hear the conversation, and failing to use a laptop privacy guard when working remotely in a public place all invite information theft. Employees also fail to safeguard equipment such as laptop computers and portable storage devices, which can be lost or stolen.

Common Causes of Data Leakage

According to Guidance Software Inc. , there are several causes of data leakage in companies, which include cyber terrorism, human actions, lack of processes, and organized crime. Cisco (2014) also commissioned Insight Express, a third-party market research firm, to carry out a study on various companies worldwide to determine the causes of data leakage in companies. The study mostly aimed at data leakage caused by human beings. According to the study, most data leakage that occurs worldwide is caused by employees and former employees of organizations regardless of the security tools, procedures, and policies enforced in these organizations. The study conducted by Insight Express indicated that employees cause data leakage by using unauthorized applications, misusing corporate computers, unauthorized network and physical access, misusing passwords, and remote worker security. Employees around the world use unauthorized computer programs at workplaces, which result in more than half of the data loss incidents in the companies they work. Sharing of work devices among employees without supervision also occurs among 44% of all employees worldwide according to the study. Up to 39% of IT professionals in companies discovered employees trying to access parts of a physical facility or computer network that they did not have authorization to. Angry employees who leave companies often want to get revenge, and they do that by leaking company secrets and other forms of data to entities that should not have them.

Logging out of a computer and using a password are some of the oldest and simplest means of computer security. It's hard to imagine today's tech-savvy users bypassing these basic security features, but they do-and in surprising numbers. At least one in three employees said that they leave their computers logged on and unlocked when away from their desk, such as when they go to lunch or go home for the evening. Another common practice is to leave a laptop on a desk overnight, sometimes without logging off. One in five employees store system login information and passwords on their computer or write them down and leave them on their desk, in unlocked cabinets, or pasted on their computers. The physical risk of storing data on the server of a third party, whose security and physical location are not in your control, can be reduced by implementing physical security, restricted access, video surveillance, and biometric access round the clock for safeguarding your data. The risk of failure is another big threat to businesses. A server should ideally offer 100% runtime and problems should be solved in real-time without any downtime. This risk can be overcome by having a team of dedicated professionals who can troubleshoot the problems. A reliable hosting provider must and should meet all these requirements and expectations of the users. This is what being reliable all is about. Every business success and the user experience they offer to customers greatly depend on the hosting provider that they opted.

How the Trend of Data Leakage can be addressed:

Categories of technological approaches used to provide data leakage detection and prevention. The issues of data leakage has become so rampant that companies are responding by coming up with strategies for preventing this unfortunate occurrences. According to XYZ, one of the major methods of controlling data leakage is through exception management. Under this strategy, companies try to block all forms of file transfer capabilities for all users within the organization. However, because there are situations when file transfers are needed for legitimate business reasons, only a few users in the organization are given the authority to transfer files. Even with this exception, it is necessary to control, audit, and review exceptions.

Another method for controlling data leakage is through web filter and web uploading. Under this strategy, websites with inappropriate are filtered. Similarly, websites that allow users the capability to share sensitive information are filtered. Such sites include blogs, public storage sites, forums, and social media. Blocking employees' capability to access such websites from office computers reduce the risk of data leakage significantly.

Watermarking is also a very effective strategy in which copies of documents with sensitive data are embedded with a unique code before they are distributed to third parties. That way, if that copy of document is found on the internet or in the hands of unauthorized parties, the organization can know who leaked it.