Home»Google Workspace Best Practices»How to Prevent Data Leaks

How to Prevent Data Leaks

In this article, we will take a look at major cybersecurity risks and best practices on how to prevent data leaks, and reduce or avoid them.

There have been some very high-profile data breaches in the last couple of years, all of which have cost thousands of dollars of damage and a severe blow to the reputation of the company involved:

  • In late 2014, hackers stole the account information of over 500 million Yahoo email accounts. Details included names, addresses, telephone numbers, dates of birth, and encrypted passwords, all of which could be used to access other accounts belonging to these users. The breach was not fully disclosed until September 2016.
  • In March 2014, hackers used login information leaked by eBay employees to access sensitive user data of 145 million customers, putting these users at risk of identity theft, password theft, and phishing risks.
  • In July 2015, user data of the extramarital dating site, Ashley Madison, was stolen by hackers. The public leaking of the data caused embarrassment and humiliation for thousands of users of the site, and there was even a website set up allowing people to search for their spouse’s emails to see if they were ever registered with the site.
  • In June 2016, the Twitter and Pinterest accounts of Facebook CEO, Mark Zuckerberg, were vandalized. The Hacker had discovered Zuckerberg’s password in a 2012 LinkedIn data breach and he had used the same password across several accounts.

Data leaks of sensitive information can be devastating for a business of any size. The total cost of data breaches in 2015 was estimated at $4 million. In order to protect your company from critical data breaches, it’s important to understand how data leakage in the organization.

Malicious Hacking Attacks

As you can see from the examples of recent data breaches above, malicious attacks by hackers are one of the main causes of data breaches. A 2015 report by Risk Based Security found that hacking accounted for over half of all reported data breaches during the year.

These breaches may occur due to a targeted hacking attack; inadvertent installation of malware, which can steal user passwords and gain backdoor access to sensitive information; and ransomware, which is software that encrypts files until the victim agrees to pay a large sum of money to the attacker.

Some of the biggest companies in the world with the tightest security protocols have fallen prey to hackers, so it’s not 100% avoidable. However, companies should avoid being an easy target by having strict security policies, investing in staff security training, installing appropriate antivirus software and firewalls, and ensuring that computer systems and software are always kept up to date.

Negligent Employees or Insufficient Security Training

How to Prevent Data Leaks: Negligent Employees Insufficient Security Training

More than half of corporate data breaches can be traced back to an employee. In some cases, this may be a malicious leak of data by a disgruntled employee, but in the majority of cases, this breach is inadvertent and caused by poor security procedures.

According to the study linked above, many organizations provide only brief security training for their employees and do not sufficiently educate staff in the causes of data breaches.

Insecure passwords, using the same passwords on several accounts and for long periods of time, working over an insecure network, and even sending a document to the wrong person can all be ways in which an employee can accidentally cause a data breach.

Phishing and Social Engineering Attacks

Phishing scams, in which hackers set up fake websites and applications in order to steal passwords can allow access to sensitive information within minutes.  The unknowing employee will usually click on a link from within an email that seems to come from an official source and be redirected to the fake website.

Despite awareness of phishing emails increasing over recent years, most people still find it difficult to tell genuine and fake emails apart. According to the 2016 Verizon Data Breach Investigations Report, 13% of those tested clicked on the attachment of a phishing email.

Another type of scam involves calling or emailing the target, posing as an official or co-worker, and asking questions to extract information, which could include confidential company data or passwords.

It is also possible for hackers to guess passwords using information they can find about employees via public records and social media – many people use the names of their children as part of their password, for example.

Loss or Theft of Hardware

Laptops, tablets, and mobile phones are at high risk of being stolen as they are small and easy to take and are commonly used outside the workplace in public areas such as cafes and airports. There were 9,701 cases of corporate hardware theft or loss in 2015 and 56 of those led to confirmed data breaches.

Losing an unlocked mobile phone that is logged into company accounts poses a much bigger potential loss than the cost of the hardware itself. With access to these accounts, an outsider can easily gain access to sensitive company information.

It is therefore vital that devices are locked, sensitive information is encrypted and accounts are not set to log in automatically.

Insecure Mobile Devices (BYOD)

byod-device-security

Many companies now have a BYOD (bring your own device) policy but this must be carefully managed if it is not to compromise the security of corporate data.

As noted above, stolen mobile devices can be a huge security risk but even hardware that never leaves the sight of your employees poses a threat to company data security.

If employees are allowed to bring their own devices to work, the company has less control over passwords, applications, and who has access to the device. Any insecurities on these mobile devices increase the risk of a data leak significantly.

Third-Party Software and Services

Many companies now rely on the convenience and expertise of using an external company to manage some aspect of their data. This includes accounting and team management software and cloud backup services.

Any third party is equally at risk of being attacked by hackers or having data breached in another way, so it is vital that you choose companies to work with that have stringent security procedures and make keeping client data safe their top priority.

If you are looking for a cloud backup provider, make sure you follow our G Suite Backup and Security Guide to ensure the cloud sync and storage areas are safe as storing data locally.

Deploy SpinOne Cyber Security Solutions for Data Leak Prevention

As well as ensuring staff is well-trained in cybersecurity procedures, all software is secure and up to date, and putting strict security policies into place, it is important to monitor activity across the cloud, which can provide a point of entry for hackers.

Spinbackup offers a secure encrypted backup service for company data and also a full suite of G Suite security tools and applications to help prevent data leaks and quickly secure data again in the case of a leak.

Following are a few scenarios in which Spinbackup can be used to prevent data breaches:

Case #1

Your employees have free access to all applications in Google Marketplace and you want to avoid installations of suspicious and time-wasting applications.

Solution

Use Spinbackup Apps Audit to manage all installed applications in your Google domain and remove access if necessary.

Case #2

You keep confidential corporate files in Google Apps and are concerned about the possibility that your employees may accidentally share them with someone outside of domain.

Solution

Spinbackup Domain Audit will help you to track all suspicious data-sharing events and avoid any ongoing data leaks.

Case #3

An employee is planning to leave your company and you think he may download an important client’s database to use in his next job.

Solution

Spinbackup Domain Audit will help you to track all suspicious data download events and avoid any unauthorized downloads and data breaches.