Three Ways That Sensitive Data Is Accidentally Exposed
Although data breaches from network hacking or a malware attack get a lot of attention, accidental data disclosure is an equally serious cyber security issue. This involves an employee mistake that exposes highly sensitive information to the general public or to unintended recipients.
Whether the leaked information falls into the hands of criminals is largely a matter of chance. Inexperience, bad judgment, distraction, poor training, not following company policy, or being rushed are just a few of the many reasons this is done. Knowledge of how these accidents happen suggests security measures on their prevention. Here are three ways sensitive data is accidentally exposed:
Sending Sensitive Information to the Wrong Recipient
Manual work processes will always be subject to human error. When information is sent manually, then sending sensitive information, such as account credentials and banking information, to the wrong recipients is a real risk. Accidental release of this type happens regularly at financial institutions. This kind of breach occurs in all types of businesses.
Publishing Sensitive Documents on the Web
For their own reasons, businesses, or their employees, may publish sensitive information on web pages without password protection. These may be placed on excel, pdf, text, html, and other file types. Even if there are no navigation links leading to these pages, they may get indexed by the search engines if robots.txt files aren't used. Search engines have been known to ignore this precaution, however. In any case, anyone can find these documents by using the filetype search operator. This kind of exposure is accidental in the sense that it is done out of ignorance.
Storing Information on Personal Devices or Removable Media
The BYOD policy of many businesses means that sensitive information may be leaving company premises via the personal devices of their employees. These devices can be stolen or lost. Removable media such as portable hard drives and especially thumb drives is easily misplaced. Discarding these devices leaves them vulnerable to "dumpster divers" who can retrieve even erased data by using current data-recovery technology.
While human error will never go away, it can be minimized through proper training and by making security a part of the corporate culture. Additionally, manual processes should be replaced by automation wherever possible.
For more cyber security information and insights, please contact our team.