7 Ways to Lose Sensitive Data
With trends like BYOD, workforce mobility, and the adoption of cloud and web applications for business, there are more opportunities for sensitive data loss than ever before. Here are our top 7 ways that sensitive data is most commonly lost as well as tips for preventing data loss.
Email has become a common source of sensitive data loss, especially for businesses. Employees, whether intentionally or not, tend to break security policy by including sensitive information in the body of emails or attaching confidential documents.
To avoid losing sensitive data via email be sure to:
- Never respond to emails that ask for confidential information unless you confirm they are from legitimate sources and it is essential to send over the information
- Make a clear email policy that outlines the security measures for sending emails and make sure that all employees abide by the policy
- Use email encryption services to help ensure that emails are only readable by their intended recipients
2. Web & cloud applications
Many businesses today are adopting web applications and using cloud services without fully understanding the security implications. In doing so, businesses’ data can be exposed to threats such as data breaches, data loss, and account/service hijacking.
To keep your data secure on web/cloud apps be sure to:
- Check with your service provider to make sure they have conducted background checks on employees who have physical access to the servers in the data centers
- Have a strong method of authentication for web/cloud app users
- Make sure all your data is securely backed up in the event that your data is lost in the cloud
3. Removable media devices: USB flash drives, CD/DVDs, external hard drives, and more
Not only can removable media be infected with malware, but it can also lead to the theft of sensitive data if it falls into the wrong hands.
To mitigate the risks associated with removable media devices be sure to:
- Install anti-virus software that is capable of scanning any device that connects to your PC
- Never connect any unidentified portable media device into a PC - if you find one of these devices laying around notify your IT staff
- Keep your personal and business data on separate storage devices and only use portable storage devices when necessary
- Encrypt sensitive data on these devices and have a backup in a secure location
- Keep these devices close to you at all times and put them in a safe place as soon as you are done using them
A survey conducted back in 2013 found that 63% of businesses have experienced at least one print-related data breach. Printed material has high potential to find its way into the wrong hands as it can be easily taken, copied, and/or distributed.
To reduce the chances of being a victim of a print-related data breach, be sure to:
- Only allow classified documents to be printed after user authentication through a password, card, or by biometric means
- Only print confidential information if absolutely necessary and after make sure it is stored in a secure location
- Retrieve your printed documents right after you print them
5. Social Engineering
One of the simplest ways data is lost or stolen is through interaction with people. Whether it is information obtained from a personal conversation, written letter, or social profile, people can find a way to use this information to gain access to confidential data.
To lessen the opportunities for people to steal your data be sure to:
- Educate employees on how to recognize and avoid common social engineering tactics such as phishing attacks
- Conduct classified conversations in a private manner
- Not answer questions that seem too personal for the intended audience
- Avoid leaving important information laying out in the open
- Never give anyone any of your login credentials or access to your computer
6. Physical data loss
Physical data loss is less common as it requires the actual theft or destruction of a device containing data. However, it can be just as costly as all of the other egress channels. This type data loss is often the result of an inside job conducted by an employee, but can also occur due to circumstances such as hardware malfunction, natural disasters, and improper storage environments.
To inhibit physical data loss occurring in your company, be sure to:
- Keep up to date with inventory levels of all employee devices and report missing items immediately
- Make sure data contained by devices requires authentication in order to be accessed
- Keep up to date with maintenance of the devices’ hardware/software
- Maintain a proper work environment where devices aren’t at risk to suffer damage
- Keep track of all individuals entering and leaving the premises of your business
7. Mobile devices
As more and more people use smartphones, laptops, tablets, and other mobile devices outside of the office to do work, the chances of mobile data loss has increased. These devices have the ability to connect to the internet, social media, and email, as well as the ability to be stolen.
To prevent data loss in mobile environments, be sure to:
- Look into the use of mobile data loss prevention software
- Enforce information assurance policies
- Conduct regular data backups
- Limit the information that can be contained on mobile devices
- Keep the mobile devices in your sight at all times when out in public