Top 10 Ways to Reduce the Risk of Data Leakage

by Rupesh Kumar [Published on 25 May 2016 / Last Updated on 25 May 2016]

Data is arguably the most important asset in any organization, and the consequences of corporate data getting into the wrong hands can be catastrophic. The following tips will help you protect your organization against the risk of data leakage.

#1 – Know where your sensitive data is

It is important that you understand where your sensitive data resides and that it is stored behind the correct access controls. Ensure that it is separated from the everyday files and folders that are accessible to anyone.

#2 – Limit the number of privileged users

Ensure you grant access only to users who actually need it - and ensure they have been adequately vetted. This may involve running background checks or ensuring they’ve been with the business for a period of time before allowing them access.

#3 – Monitor User Activities Regularly

Ensure you have a proactive and continuous approach to auditing your users. Ensure you can keep track of both system changes and file/folder level changes.

#4 – Implement strict data encryption procedures and authentication policies

Ensure that your most sensitive data is encrypted. This means that should data ever leave the organization, or a material breach occur, at the very least you know that whoever obtains it won’t be able to do anything with it. It’s also highly recommended that data is placed behind a comprehensive authentication method, such as two-factor authentication.

#5 – Train your IT staff

One of the biggest causes of data leakage is people. Often there is a lack of understanding as to good practice when it comes to handling sensitive data – this can potentially lead to data leaks. To counter this, make sure you have adequate training in place on how to handle and manage data in the business.

#6 – Ask your employees and partners to sign a non-disclosure agreement

Should you need to share data outside the business, ensure that all parties sign a non-disclosure agreement. It should also be common practice to check with the relevant departments that the data is allowed to be shared.

#7 – Destroy unwanted sensitive data

Ensure your sensitive documents, irrespective of age, are appropriately deleted or backed up when needed. Ensure any old hardware such as disks or USB drives is wiped, and that checks have been made to confirm the data is no longer available.

#8 – Secure your endpoint devices

With the advent of Bring-Your-Own-Device, it’s more important than ever before to ensure policies are in place to secure endpoint devices that have access to your IT infrastructure. This may mean requiring access via a secure VPN or deploying a network access control solution. Make sure endpoint devices have adequate levels of built-in security before you allow them to access confidential data.

#9 – Ensure you have an adequate perimeter

Ensure you have adequate solutions in place to keep track of content being sent and received by email or instant messaging. Make sure you have a way of keeping track of what data your employees are copying to USB drives. If there are specific departments that are handling sensitive data, they should have extra levels of security to safeguard it.

#10 – Expect what you inspect

A key way of mitigating the risk of data being leaked is ensuring that you have adequate tools in place to audit and monitor both file/folder based activity and privileged user activity. Make sure it’s public knowledge that such solutions are present within the organization as this can serve as a deterrent. 

Don’t Become a Headline

Data breaches are happening more frequently than ever before, so you can’t assume it won’t happen to you. As the value of data increases, so will the amount of cybercrime, and this creates a problem for organizations of all sizes. Ensure you have a proactive and continuous approach to auditing and monitoring your sensitive data. You may be surprised at how cost-effective some third-party auditing solutions are – they are certainly a lot cheaper and far less embarrassing than a data breach.

The Author — Rupesh Kumar

Rupesh Kumar is the Director of Lepide Software Pvt Ltd. (http://www.lepide.com). He has been leading Lepide since its inception and is the driving force behind all Lepide products. With over 15 years of experience in software development and technology writing, he oversees all that happens at Lepide. Lepide Software Private Limited – Microsoft Gold Certified Partner – is a global provider of software solutions for enterprise level management and auditing platforms. Lepide offers distinguished products required by any IT organization to meet regulatory compliance requirements and safeguard their IT infrastructure. Some of its major products, such as Lepide Exchange Recovery Manager and LepideAuditor Suite, have been highly acknowledged and promoted by various Microsoft MVPs and other leading software reviewers. Lepide clientele includes personal users, administrators, SMBs, and large corporations including many Fortune 500 companies.