In computer security, data leakage, also known as information leakage or leakage of sensitive or confidential data, has been occurring more and more frequently in recent years. But it was as a result of the Wikileaks leaks , starting in 2010, that they acquired media importance. We review what an information leak consists of and possible prevention measures.
What is Information Leakage? What is information leakage
A data leak or Data Leakage is the loss of confidentiality of the information of an organization, company or individual, by obtaining it or the knowledge of its content by unauthorized persons.
Unless proper controls are diligently applied, information can be expected to end up in the hands of unwanted people. Even implementing controls, the risk of an information leak does not go away.
Data leaks can be caused by internal or external causes to organizations:
- Internal: caused for example, intentionally or accidentally by internal personnel of the organization.
- External: for example, the leakage of the personal data of the employees of a company due to a security incident of a supplier.
They can also be deliberate or involuntary:
- Deliberate: confidential data is filtered or revealed with the purpose of obtaining an economic advantage or causing damage or harm to organizations: financial penalties, loss of a competitive advantage, loss of image or reputation, etc.
- Involuntary: confidential data is accidentally or unintentionally leaked or revealed, for example, by not following good information security practices.
Causes of a data breach
The most common cause of data leaks in organizations is the lack or loss of awareness and discipline in good practices and security measures for the treatment of information. Most of the time they are caused by:
- Failure to erase information appropriately from removable media
- store sensitive information on portable devices
- do not encrypt data
- or that information storage devices end up in the wrong hands through loss or theft.
Consequences of an information leak
Depending on the type of information that is revealed or leaked, the consequences that it produces are different. For example, the leakage of personal data can cause significant economic losses for organizations, either due to fines from regulatory agencies or the loss of the trust of their customers. If a trade secret is disclosed, it can result in the loss of a competitive advantage which in turn leads to financial damage.
In general, information leaks produce the following costs for organizations:
- Investigation of the incident and remedial measures.
- Contact with the interested parties to inform them.
- Penalties and fines from regulatory agencies.
- Contractual responsibilities.
- Compensation expenses to the affected interested parties.
- Loss of customer trust and reputation.
How to prevent information leakage in computing
The main prevention measures against the leakage of confidential data are:
- Define procedures for the classification and treatment of information and implement them.
- Training and awareness of employees in good information security practices and in the approved procedures for the classification and treatment of information.
- Limit as far as possible the use of removable media for the transport or storage of sensitive information.
- Encrypt information in storage and in transit over untrusted networks.
- Implement physical and logical access control measures to the facilities where the information is located, to the network, to the information itself and the systems that support it.
- Implementation of DLP systems.
The leakage of data or disclosure of confidential information causes damages to organizations and individuals, including economic losses derived from sanctions, the loss of trust of their clients, the reputation of the brand, competitive advantages … You can mitigate the risk of their occurrence by implementing technical and organizational measures but, above all, by training and raising people’s awareness.