Information leakage is one of the most painful issues in an organization. In addition to losing money, the organization can lose its image, and this is a blow to the company's economy. In addition, the disclosure of production technologies to competitors can nullify the company's attempts to take a more advantageous position in the sales market.
Negative factors of information leakage
The negative consequences due to information leakage can be classified as follows: failure to receive benefits from the damaged image of the enterprise; penalties from regulators; compensation in case of litigation; decrease in the value of shares when closed information from insiders appears on the market; lost tenders; loss of investment in the development of new technologies.
Types of information leaks
There are two types of leakage of classified information of an enterprise: external and internal. Considering these two types, we can conclude that an internal leak is much more dangerous than an external one. To prevent external leakage, many special protection programs have been developed today. These are all kinds of antivirus programs and firewalls. And the internal threat comes from employees who work directly in the organization and have access to classified information.
People who trade in classified information are called insiders. The harm done by insiders is much greater than from an outside hacker.
Methods of dealing with internal and external threats
The first method of dealing with insiders is to differentiate the rights of access to classified information. For this, it is necessary that the flow of information goes as follows: the head of the department sees the incoming and outgoing information of employees, and each employee sees only his own information, which is necessary to fulfill the assigned duties. Documentation intended for executives is visible only to executives.
Access to accounting information and reporting should be closed to everyone except employees of this service.
Special software is used to control employees. The work of special systems allows you to create an information security perimeter. In this perimeter, interception and monitoring of outgoing and incoming traffic with a breakdown by users takes place, as well as work with classified information and scanning to information media.
When selecting such protection systems, first of all, certain requirements are imposed: the number of coverage of channels with possible information leakage, limited visibility of employee modules, the ability to automatically control modules, recognition of a modified document with closed information, control of working modules outside the corporate network.
Despite the serious threat to the company in the event of information leakage, it is quite possible to cope with this problem with a serious approach.
