| A lot of effort and expense in Internet security is | | | | - Apple suffered significant embarrassment after two |
| directed towards 'keeping the bad guys out'. This is | | | | employees revealed secret new product information |
| half the solution. What is overlooked, and equally | | | | on their personal blog sites. |
| critical, is how to keep the important data within. | | | | - A statistician employed by the Palm Beach County, |
| Internet content security is about keeping the 'bad | | | | Fla., health department inadvertently emailed his |
| stuff' on the outside of your network. Data leakage | | | | colleagues the names of 6,600 locals known to be |
| is concerned with keeping the 'good stuff' on the | | | | infected with HIV and AIDS. This was a serious |
| inside. Who are the primary culprits on data leakage - | | | | breach of the Federal laws on handling patient |
| your own staff. Read on to see how leaks can occur | | | | information and ensuring patient privacy. |
| and what measures you need to be taking to | | | | - Honeywell International Inc. says a former |
| manage your environment. | | | | employee has disclosed sensitive information relating |
| What is Data Leakage? | | | | to 19,000 of the company's U.S. employees. |
| There are two primary data leakage elements to be | | | | What are the Costs of Data Leakage? |
| concerned with: | | | | The costs can span many areas. These can be |
| | | | anything from public embarrassment to financial loss, |
| 1. What data you should protect and | | | | reduced stock equity, loss of competitive advantage |
| 2. What constitutes a leak? | | | | or even criminal investigation and prosecution. In the |
| Data that is sensitive, or the 'good stuff', covers a | | | | case of Apple, where their employees revealed |
| range of corporate assets such as: | | | | product information before it was released, the |
| - Intellectual Property (IP) - company secrets, | | | | company's share price plummeted after the leak was |
| product designs, mathematical formulas, research | | | | revealed. The company was forced to fire the |
| papers, source code, patents, schematics, recipes, | | | | employees involved, resulting in embarrassment, lost |
| proposals, reports, etc. | | | | productivity and legal costs. |
| - Commercial Information - financial reports, | | | | In the incident with the Palm Beach health |
| employee payroll, contracts, business plans, acquisition | | | | department, the apparent violation of the Healthcare |
| targets, product and marketing launch plans, budgets, | | | | Insurance Portability and Accountability Act (HIPAA) |
| customer databases etc. | | | | could result in prosecution, not to mention the loss of |
| - Confidential Information - patient health records, | | | | patient confidence in the department's ability to |
| customer financial information, legal contracts, | | | | protect their information. When the action damages |
| employee resumes and agreements, reprimands, | | | | an image or reputation, the financial costs of data |
| pre-release reports, etc. | | | | leakage are very hard to quantify. |
| How Does Leakage Occur | | | | In more tangible matters, like IP loss, a damage |
| - Emailing data to the wrong recipient or attaching | | | | assessment can probably be compiled. Consider a |
| the wrong file to an email. | | | | hypothetical scenario, where a company's new MP3 |
| - Deliberately emailing information to competitors by | | | | player designs and specifications are leaked to a |
| an employee. | | | | competitor before it is launched. This breach could |
| - Disclosure of confidential information. | | | | undermine the company's entire business and lose |
| - Emailing confidential information in an un-encrypted | | | | millions of dollars in revenue. Imagine if the Ipod |
| format. | | | | design was leaked - what would this mean to Apple |
| - Internal staff using webmail or email that is not | | | | in lost opportunity. The damage can be |
| screened to discuss confidential subjects with | | | | embarrassment, loss of professional reputation and |
| external parties. | | | | possibly boost in the competitor's market advantage. |
| Data Leakage Is More Common Than You Expect | | | | Conclusion |
| The issue with data leakage is not how common it is, | | | | Data Leakage is real and it starts on the inside. We |
| but its severity, the nature of the data and how it | | | | often spend so much time building a wall around our |
| has been leaked. With the span of data and the | | | | enclaves that we do not consider risk internally. |
| conduits for 'leakage', almost every company can | | | | Unfortunately, real incidents are telling us we should |
| attest to an incident of an internal security breach - | | | | look inward first and then outward. How secure do |
| willful or accidental. These breaches include loss of | | | | you feel about your data leakage prevention efforts? |
| information and Intellectual Property theft. | | | | We work with companies to assure their data and |
| Interestingly, the majority of incidents came from | | | | messaging is in compliance and secure. Our solutions |
| inside their organizations. | | | | are state of the art, quick to implement, cost |
| One IDC study from late 2007 shows that 84% of | | | | effective and provide the comfort to know your |
| all data leakage incidents can be attributed to | | | | data is secure. A phone discussion with our staff is a |
| employees. And the methods for stealing data | | | | great way to assess your environment and what |
| increase - Blackberries, USB key drives, torrent | | | | would be the best action plan. Visit our website |
| uploads, and instant message file transfers. | | | | Enclave Data to learn more. |
| Companies should be more prepared than ever to | | | | You have the responsibility to maintain your |
| monitor and control these activities. | | | | company's digital environment. With the right tools, |
| What does Data Leakage look like when it is | | | | you can now also have the control to assure |
| discovered? Here are some recent media stories. | | | | compliance and protect your company's assets. |
| Imagine putting your company name in place of the | | | | Leakage involves distribution methods where data |
| one listed. For example, | | | | could be released - accidentally or stolen. |