Data leakage 'always preventable'

Data leakage 'always preventable'

Major survey highlights routine neglect of data protection

A security services vendor said this week that all data leakage incidents could be prevented if corporate security policies are implemented, monitored and enforced.

Orthus published the results of its monitoring of more than 100,000 hours of user activity captured through its Data Leakage Audit Service.

The broad reaching survey, undertaken over the past 12 months, looked into the ways in which internal users access, process, store and transmit sensitive information.

Data included personal and financial information, product roadmap and future product details, contracts, pricing information and HR records.

The findings show that every organisation without exception had suffered multiple instances of data leakage, many of them serious and potentially damaging.

Orthus said that the results show clearly that the threat from within is real and continues to be overlooked, and that trusted users are the most likely source of information leaks.

Key results from the survey suggest that corporate data leakage is most likely to occur through mobile devices. Around 68 per cent of all identified events were linked to mobile rather than fixed desktop systems.

IT and customer services departments suffered the highest incidence of data leakage, mostly during the extended working day.

The applications most favoured by users to remove sensitive data were web mail, instant messaging and social networking sites.

Richard Hollis, managing director of Orthus, said: "Companies continue to try and protect information by protecting the architecture. They neglect the protection of data.

"Until organisations accept that the majority of losses are associated with authorised users and implement the necessary controls where they are effective, i.e. between the user and the information itself, these losses will continue."