Posted by Tony Abou-Assaleh on August 28th, 2018

confidential information leak

What is an information leak?

An information leak takes place when confidential information is revealed to unauthorized persons or parties. Any cursory scan of news sources demonstrates that unfortunately, data leaks happen with alarming frequency. Unsurprisingly, if the information is leaked concerning project deals or tender information, there can be a large loss of revenue for your business.

Information leaks may not always appear to directly hamper your business; however, there are often indirect repercussions. The leakage of confidential customer information can harm the reputation of your company in the marketplace. Future customers will be apprehensive about working with you, or in divulging personal information to your company.

How to

Handle upper management carefully

IT professionals often work under the umbrella of technical terminology that’s not always accessible to those outside the department. This issue, among others, can cause friction between executive teams and those responsible for managing security. Interested in learning more? We’ve written a blog post on the resistance IT professionals can be met with when communicating cybersecurity issues to management.

Management teams are often the gatekeepers of important information. Often times confidential client information is not accessible to employees at a lower level in the company hierarchy. This opens up the possibility of an information leak stemming from upper management. That’s why it’s important to include executive members in all cybersecurity training sessions, regardless of whether they deem it necessary. It’s also another reason why it’s always a good idea to manage relationships carefully, ensuring that employees who leave your organization do so on a positive note. If the employee is happy they’re less likely to share information that could compromise your business.

Preventive measures

There is no point in crying over spilled milk. Once a client’s information is leaked, nothing much can be done about it. You can file a complaint, inform authorities about the infraction and wait for the law to handle the matter. All the more reason for you to work harder to prevent any future leaks. Here are some tips for preventing a security breach at your business:

  • Mitigate threats from ex-employees by carrying out stringent security checks both before they’re hired and after they’ve left.
  • Change passwords after the departure of any employees who have had access to sensitive information.
  • Carry out a security check on all official and unofficial accounts and mail of ex-employees, at least once a month.
  • Keep a regular check on the outflow of confidential information from the company.
  • Improve internal systems and ensure that both the Human Resources and IT departments of your company work hand in hand to protect vital information.
  • Collect workplace feedback from employees on a regular basis so that you will be able to nip any employee negativity in the bud.
  • Hire information security and management controls.
  • If personal mobile devices are being used, implement a BYOD policy. Unsure of what to include? Here are 7 suggestions on what to include in your BYOD policy.

Don’t impose blanket bans on employees – in order to work effectively they do require timely access to data. Blocking access to information may do more harm than good, and is not the solution to prevent future confidential customer information leakage. Instead, focus on training employees and giving them the skills and confidence they need to make security decisions.

Unfortunately, there are instances where employees have accidentally leaked confidential information. In such cases, the employee should be given the benefit of the doubt. Penalizing or firing such employees may lead to the loss of good talent and even create a negative impact on employee morale. Instead, strive to develop awareness across your organization about the risks of communication and IT leakages. Try new tactics to get people excited about cybersecurity, so that they’ll be interested in playing a more active role in protecting your organization.

How are you working to mitigate the risk of data leaks at your organization? Let us know in the comments below.