Following the previous article, we hope that the need and purpose of identifying data leakage in companies.
It is a requirement when the intention is to prevent and avoid losses arising from this type of security incident.
A challenge for the management of internet access and information security in small and medium enterprises.
Therefore, monitoring risks and controlling the human factor on the corporate internet are the recommended strategy and practice for identifying data leaks in your company.
This way, entrepreneurs, IT professionals and managers are able to combat improper access, unauthorized collection and public exposure of data.
After all, preventing is the best medicine. Especially when it comes to data leakage in companies.
Therefore, information is critical to minimizing the impact of the human factor and the main risks, security breaches, vulnerabilities and situations in which data protection is threatened.
See how to prevent data leakage
Watch the Digital Look video with an overview of digital security, information security incidents and data leakage.
“Data Leakage: Learn how to protect yourself” (6:56) shows, in a very didactic way, how public and corporate environments have vulnerabilities that can be exploited by cybercriminals.
It is curious to realize that most people neglect the care of their own information and end up exposing it online of their own accord.
Beyond the personal sphere, this behavior is reproduced in the corporate environment, which compromises data security and can penalize companies.
Therefore, you can never be too careful, and all information is welcome.
Similarly, it never hurts to reinforce the usefulness of web access policies, information security management and compliance processes. After all, they make it possible to prevent and identify data leaks in companies.
Data leakage is the responsibility of the management of the company
The video confirms what we have already written: most data leaks occur through recklessness in internet access and personal data sharing.
Lack of care and negligence in internet access cause a series of problems and damage to individuals.
When this behavior is reproduced in the corporate sphere, the risks are even greater and the consequences can lead to great damage.
Importantly, companies must establish internet access and data security policies and enforce them among their employees.
After all, it is the responsibility of business management to curb, control and monitor risky employee behavior.
By allowing inappropriate and/or improper employee behavior, management exposes vulnerabilities and security breaches. Above all, because:
- Every company is exposed to data leakage.
- Without prevention and control, any employee can put your business at risk.
- Without compliance processes against data leakage (technology, tools and control), companies become negligent.
It is a legal obligation for managers and companies to preserve integrity, data privacy and digital security. For this, they must use efficient solutions and technologies available on the market.
20 recommendations for preventing data leakage and digital threats
We have prepared a list of 20 security recommendations to identify data leakage in companies and other digital threats.
They are general recommendations, suitable for companies of any sector and size, for protecting data (their own and data under their responsibility):
- Pay more attention, control access and block unknown, unwanted, improper or harmful sites.
- Disable unused digital accounts.
- Avoid using simple and repeated passwords.
- Use two-factor authentication.
- Prevent or control the local saving of files on computers and mobile devices without backup.
- Use DNS firewall solutions.
- Use a VPN for remote access to the company's internal systems and resources.
- Limit the publication of data and information about the company during working hours.
- Create an internet access management and data security policy.
- Establish a contingency and harm reduction plan in case of a data leak in the company or another type of security incident.
- Invest in backups and in encryption of files and sensitive data that need to be in the cloud.
- Report every data leak or any other security incident to the National Data Protection Authority (ANPD).
- Do not provide or confirm data by phone or through insecure applications (WhatsApp, Telegram, Signal, among others).
- Automate compliance processes against data leakage in the company and other security incidents.
- Monitor the risk posed by your suppliers and partners.
- Raise employee awareness of the need to prevent, protect against and identify data leakage and other security incidents.
- Keep the company and its data security management compliance processes always up to date.
Identify data leakage: breaches, vulnerabilities and main risks
The purpose of this article is to facilitate access to information. Therefore, we reproduce excerpts on origins, motives, main risks, security breaches, vulnerabilities and situations in which data protection in companies is threatened.
The research and reference sources are diverse. Therefore, at the end of each block there is a “learn more” link to the original content.
Data leakage origins
Data leakage in companies can originate from: data theft by attackers and malicious code that exploit vulnerabilities in systems; access to user accounts through weak or leaked passwords; the actions of employees or former employees who collect information from the company's systems and pass it on to third parties; theft of equipment containing sensitive data; and employee errors or negligence, such as discarding media (disks and pen drives) without proper care.
Main causes of data leakage
The occurrences that lead to the most data leakage are:
- Identity Theft and Digital Accounts Invasion.
- Identity theft leading to financial losses.
- Privacy violation.
- Scam attempts.
Where to turn
If you detect a data leak and fraud, contact the institutions involved and follow the guidelines received. Register a police report with the police authority, to enable the investigation and to protect yourself. If you do not know which institution is involved, you can file a complaint on the website of the National Data Protection Authority (ANPD).
Do not encourage data leakage and abuse
Do not buy data lists. This practice encourages more leaks to occur and puts everyone at risk. Avoid accessing websites and opening files that confirm or display leaked information. They may have been created for malicious purposes to further expose your data.
The amount of data you hold and produce
Registration, biographical, professional, financial and browsing data: these are just a few examples of the data that circulates through various networks and is stored in different systems, devices and media. There are situations where information is lost, improperly accessed, or even collected and sold without you being aware of it. Some examples of these situations: losing your mobile phone, computer or removable media; interception during network traffic; a data leak; invasion of the accounts and systems where the data is stored; browsing information gathered without transparency and shared without consent.
Information to guarantee rights and obligations
The LGPD exists so that individuals have control over their personal data and can learn how it is processed by public bodies, private entities and third parties. According to the law, personal data is information related to an identified or identifiable natural person. As a data subject, you have several rights guaranteed by the LGPD in its article 18.
DDoS attack
This type of attack overloads the server, slows the system down and leaves sites and access unavailable. A DDoS attack is one of the biggest threats to the full functioning of systems. Thus, it can lead to improper access and so expose companies to other cybercrime and data leakage.
Port Scanning Attack
If there is a vulnerability in the company's system, this malware seeks out and finds the weakness on the server. It then takes advantage of the security breach to steal information and data, damage the system, hold data hostage (ransomware) or leak data.
Ransomware
“Data kidnapping” blocks access to server files and only releases them upon payment. Cybercriminals determine the value of the “ransom”. They demand an amount that must be paid in virtual currency (cryptocurrencies) to avoid tracing. The security vulnerability that begins with improper access goes on to encryption and may lead to data loss or leakage.
Trojan horse
Malware that only works with the “authorization” of the user. The camouflaged virus is installed in the company's system when employees open unknown email attachments or make suspicious downloads. Among the objectives of a Trojan horse are interrupting functions, stealing information and leaking personal data. The Computerworld portal listed some of the biggest Trojan horse viruses in history.
Brute force attacks
This type of malicious attack steals accounts through numerous attempts at user and password combinations in a very short time. When criminals gain access and take possession of the information, they can send messages from a sender known to employees, with content such as phishing and spam, or requesting deposits, transfers, passwords and other sensitive information. It is a risk to digital security that can lead to data leakage in companies.
Phishing
Usually carried out by email, phishing is a virtual threat that leads employees to reveal confidential information, including passwords, bank data and CPF. As a rule, this kind of malicious attack takes employees to pages identical to the real ones, such as that of the bank where the company keeps its money. The hackers launch a "bait" to deceive employees and "fish" for the data. and most successful attacks. A good example of the need to identify data leakage in companies.
Cryptojacking
Computers or any other Internet-connected devices begin mining cryptocurrency without companies and users knowing. Usually, the attack is only discovered when the slowness of browsing and of device performance becomes really noticeable. It is another weakness that leads to data leakage in companies.
Zeroday
An attack that takes advantage of failures and vulnerabilities in recently released software and applications. It exploits breaches and bugs. Less common, it mostly affects companies that work with digital development. This is why it is always worthwhile to keep systems, software and applications up to date, as a way to minimize threats and risks. It is one of the easier situations and security vulnerabilities to control. This makes life easier for managers and IT professionals when preventing digital threats and identifying data leakage in the company.
Spoofing
It translates as a "prank" and is very similar to phishing. It occurs when the scammer poses as the legitimate user who holds the information and tries to access accounts and servers, make purchases or steal the victim's identity. This is what happens in cases of SIM swap.
SIM swap
This is when a telephone number is transferred to another, blank SIM card. The cybercriminal calls the operator and poses as the victim, claims to have lost access to the previous chip and requests the exchange. During the call, the criminal confirms the data to authenticate the identity and makes the transfer. It can also occur within the operator itself.
Brushing scam
These are fake sales made via the internet. A store creates a fake profile with a consumer's real data (name and address). It then sends any object to the supposed customer (to validate the delivery) and posts a positive review of the purchase. Other legitimate customers are fooled by the fake reviews and buy on the site.
The main benefits of prevention
Prevention and information are the keywords for identifying data leaks, and also for avoiding financial losses and safeguarding your company's reputation.
In this sense, entrepreneurs, managers and IT professionals should always be well-informed and prepared to act preventively,
or to reduce damage and losses in the event that a data leak in the company is not identified.
These management steps do not need to be difficult or complex. After all, there are simple and affordable solutions available on the market.
Preventing information security incidents is the cheapest and most intelligent strategy.
In addition, it enhances compliance processes against data leakage in companies.
At the same time, it makes things harder for hackers and hinders the occurrence of cybercrime and the causes of data destruction, loss or improper processing.
Thus, it makes protocols, controls and the internet access management policy more effective.
As a result, your company will act in accordance with the legislation (LGPD). This is essential to safeguard it against the heavy fines provided for by law, and also to preserve the privacy rights and personal data security of users/consumers/citizens.
In practice, in addition to prevention, the best solutions in the market productivity and profitability indicators.