8 Data Leakage Prevention Best Practices

June 12, 2018 Eric Dosal Eric Dosal

Data leaks are not only embarrassing, they’re actively dangerous for your business and your customers. Preventing data leakage—whether from accidents or intentional attacks—remains a top priority for modern businesses in a world where information can travel across the globe in mere seconds. Once the proverbial genie is out of the bottle, it’s almost impossible to again contain it.

So, how can you minimize your risk of data leakage to protect your business?

Following a few best practices for stopping accidental and intentional data leaks can help:

Best Practices to Stop Accidental Data Leaks

Not all data leaks are the result of malicious actions. In a lot of cases, it’s the result of an honest mistake—someone sends an email to the wrong recipient, forgets to encrypt a piece of data they’re transmitting, or puts sensitive files on a USB drive and accidentally uploads it to an unprotected personal computer.

Some best practices that your organization can use to minimize the risk of accidental data leakage include:

  • Applying a Policy of Least Privilege (POLP) to Data Access. It’s hard for someone to accidentally leak data they don’t have access to it. A policy of least privilege restricts each user’s data access to the absolute minimum they need to perform their job function. Using such a policy also helps to minimize the risk of intentional data leaks, too.
  • Place Restrictions on What Email Domains Employees Can Send Attachments to on Company Systems. Some email clients and applications allow you to organize people into groups or organizations and manage out-of-group communications to some extent. For example, Google Drive can be set to generate a confirmation screen/warning when sharing access to a file with someone outside the employee’s organization/group. Using these kinds of alerts can make it much less likely that data will be accidentally shared.
  • Establish a BYOD Policy and Enforce It! A bring your own device (BYOD) policy can help your organization define the rules for if and how employees may use personal devices, such as smartphones, laptops, USB drives, and other devices that can be used to copy, store, and transmit data in the workplace. If such devices are not allowed (or have their use restricted) in the workplace, it can reduce the risk of accidental data leakage.
  • Provide Cybersecurity Awareness Training. Employees need to know not only what the biggest data leak risks are, but what the potential impacts of such leaks can be for the organization. Providing such awareness training helps employees avoid making basic mistakes that lead to data leaks. Additionally, it can help employees identify phishing attempts and other strategies that malicious actors may try to use to steal data.

The above practices are highly effective for preventing accidental data leakage for most organizations. But, what about data leaks that arise from the abuse of user credentials or attacks on your network infrastructure?

Best Practices to Stop Intentional Data Leaks

While you may not be able to stop every malicious actor who tries to take your data for their own personal gain, you can minimize your risks of a data leak by following a few best practices, including:

  • Installing Basic Cybersecurity Protections on All Network Endpoints. A basic antivirus program or firewall might not stop a determined attacker or a malicious insider, but such basic protections can prevent less sophisticated attempts to steal data from succeeding or at least slow an attacker’s progress. Also, email client antivirus systems can help prevent some data leaks by scanning email attachments for malware.
  • Making Sure to Clear Sensitive Data from Non-Critical Systems. Does a copy of your company’s most sensitive information, such as customer records and payment card information, need to be on every terminal in the office? No, nor should they be. Cleaning up individual terminals and making sure that all of your most sensitive data is kept on your most isolated (and well-protected) systems is a core part of preventing data leaks. If an attacker gets malware on one random workstation, keeping that workstation clear of sensitive info can lower your risk of a data leak.
  • Using Defense in Depth Security Strategies. The more layers of protection you can put on your network, the better. Having a layered defense on your network—one that employs firewalls that isolate each asset and restrict peer-to-peer traffic—makes it harder for an attack to access all of your most protected assets at once. This way, even if an attack gets past your outermost perimeter defenses, it will take time and effort for the attacker to access more than a handful of your IT assets.
  • Install IDS/IPS Systems and Run Penetration Tests. A key part of preventing a data leak is being able to quickly identify an attempt to steal data and contain the breach. The longer it takes to identify an intrusion attempt, the more time an attacker has to breach your defenses and steal data. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can help with early attack detection and (in the case of IPS) even provide some automated attack prevention. Penetration tests help you test your security measures for potential weaknesses and verify how effective your IDS/IPS solution is at detecting various kinds of intrusion attempts.

How many of these best practices does your business use? If you need help implementing security solutions to follow cybersecurity best practices, contact Compuquip Cybersecurity today! We’re here to help businesses protect their data so they can focus on growth rather than worrying about network architecture security.

back-to-cybersecurity-basics