Understanding Data Leakages – Part 1
Cybercriminals are responsible for a huge amount of data-related crimes every year – but they aren’t the only ones responsible for the loss of sensitive business information.
A data leak, which is often the result of employee carelessness or weak IT security policies, can cause crucial information to flow out of your business, even if it wasn’t deliberate.
In this article we unpack the notion of a data leak, find out how it’s different from a data breach, And explore some of the ways data leaks occur.
is it a data leak or a data breach?
If your company suffers a sudden loss of sensitive data this is probably the first question your IT security consultant will ask. Knowing the difference between a data leak and a data breach is the first step in keeping your organisation’s information safe in the digital age.
- A data leak is any unintentional sharing of sensitive information with an unauthorised user outside your organisation. As the name implies, the ‘leak’ usually takes place from the inside out and often involves an employee or trusted user.
- A data breach is a deliberate attempt to break through your IT security system from the outside, usually by hackers or cyber criminals. This type of crime takes place from the outside in.
Put differently, the difference between a data leak and a data breach is like the difference between leaving your front door open and someone breaking the lock to get in.
what causes a data leak?
As we mentioned above, most data leaks take place due to negligence or carelessness. Here are the different types of data leaks along with the most likely cause of each one.
accidental data leaks
These data security failures take place by accident and are often caused by employees –
- sending an email containing sensitive information to the wrong person
- sharing access to confidential folders with people outside the organisation is another common cause of data leaks
- taking videos of sensitive company information or events and sharing them on social media is another way data privacy can be compromised
malicious data leaks
This type of leak is deliberate, usually carried out by a disgruntled employee who –
- seeks to discredit the company or blackmail the management
Malicious leaks often take place anonymously and it can be difficult to determine who the original culprit was.
data leaks carried out by outsiders
This type of incident is almost never an accident. Like a data breach, it is typically carried out by an outsider who plans to use the data for criminal purposes.
- perpetrators will usually try to trick an employee of the company into sending them confidential or giving them access to privileged files and folders
- IT managers can sometimes track and investigate this type of leak by flagging emails and folder access granted to people outside the organisation
data leaks caused by IT security failure
This type of leak is caused by incorrect network security settings or errors in mailing list automation software.
- by the time the error is discovered, important data will probably already have leaked out of the company
- identifying the cause of the leak and ensuring that doesn’t occur again is essential in this scenario.
protect your data from cybercriminals
No matter what causes a data leak, the cost to your business can be huge. Over the past few years, we’ve witnessed financially damaging data leaks at companies including household names like Nespresso.
Ensuring that your IT security is on point and that your data is encrypted and secured with cloud storage will help you avoid a similar scenario in your own business.
In our next article, Data Leaks Part 2, we’ll explore the topic of data leaks in more detail and look at some ways you can protect your business against this preventable but damaging type of cybersecurity failure.