Data Leakage

Email, the Internet and the proliferation of removable storage devices have made it too easy to leak confidential information, either deliberately or accidentally.

Employee-generated loss of confidential data can be both costly and embarrassing. Newspapers are littered with stories about confidentiality breaches, including employees who send product plans to competitors; hospitals that accidentally send patient information to the wrong person; executives who hit the 'reply to all' button, inadvertently revealing information about future acquisitions to third parties; and more.

Setting Expectations and Guidelines

All staff members should be aware of the importance of confidential information and their obligations to protect it. Employees should be trained to know how to handle and distribute information that is confidential or proprietary in nature. Policies for protecting confidential information require common sense and best practice.

A key part of confidential data protection is an organization's Acceptable Use Policy (AUP). Some parts of an AUP that relate to confidential data are:

Defining Confidential Information

Proprietary information should not be divulged improperly. Highly confidential information should not be sent out via email or the Internet without encryption and should not be allowed to be copied onto removable storage devices.

Clarifying Responsibility

Employees should be informed that they could be held responsible for the content of all communications that they store or send using email or the Internet. They could also be held accountable for copying confidential data onto removable storage devices.

Respecting Copyright

Employees should also be informed about copyright issues relating to:

  • Electronic copies of documents obtained via email or the Internet
  • Unauthorized copying of copyrighted material onto removable storage media such as USB sticks

Legal Compliance

Regulatory compliance and legal obligations are now key motivators for securing and protecting confidential information.

A well-known example is the US HIPAA legislation (the Health Insurance Portability and Accountability Act). One of the main aims of HIPAA is to address the security and privacy of health data. This places significant obligations on the healthcare industry to ensure the privacy of patient information.

The financial sector, national and local government agencies, and education providers are also seeing increasing governance and legal obligations for securing confidential information.

How M86 Security Helps Prevent Data Leakage

M86 Security's Web, email and endpoint security solutions can play an important part in protecting your confidential data.

Email security products:

  • Specify attachment types (block, restrict or strip attachments)
  • Identify confidential content by user-defined keywords, using TextCensor lexical analysis
  • Identify/block messages larger than a specified size
  • Identify messages with a specified number of recipients or attachments
  • Identify the message source or destination
  • Provide comprehensive reporting on the content that has been transmitted

Web security products control "back door" data leakage by:

  • Controlling and filtering file and content uploads to external websites such as Webmail programs and social networking sites
  • Providing comprehensive reporting on any content that has been transmitted

Endpoint security product:

  • Prevents the transfer of files to or from unauthorized portable devices
  • Automatically encrypts data copied to approved devices
  • Provides complete visibility of device and file access on the network
  • Provides granular control over who has access to what devices and for how long