Data leakage – the risk, the reality and messaging channels

Data Loss, Leaks and Breaches

Data leakage is a problem that has hit the headlines around the world. Whether it is the dreaded “sorry this email was meant for someone else” or a lost USB or a malicious act on the part of a disgruntled employee, data leakage is on the rise.

Essentially, data leakage is the unauthorized transmission of information or data from inside an organization. The release can be either deliberate or accidental.

The reality is that there are now more channels for communicating with external audiences, so it is more likely that data will leak or that breaches will occur.

Email is the most common channel for leakage. In the 2021 Current Status of Privacy Compliance survey by Egress, 44% of employees admitted that they have mistakenly exposed personally identifiable information or business-sensitive information over corporate email accounts.

However, leakage over messaging applications like WhatsApp, WeChat, Signal, Telegram and LINE is becoming more likely and more frequent.

Is data leakage a real problem?

Yes. 70% of the Egress survey respondents have had some form of data leakage breach in the past five years. Additionally, 50% of respondents saw a leak in the past 12 months.

According to IBM’s Cost of a Data Breach Report 2020, the average data breach can cost USD3.86 million and take 280 days to identify. Surveys have indicated that 37% experienced reputational damage or client churn from a breach.

Covid-19 has exacerbated this issue. Research by IBM and Ponemon Institute indicated that workforces that are 100% remote may increase the average cost of a data breach by up to USD137,000.

Why does Data Leak?

This happens for a number of reasons:

Accidental

Firstly, not all leakage is malicious in intent. In fact, most is accidental. Sending an email to the wrong person, or accidentally sending data or information that you do not have the right to send to an external party, is an unfortunate reality of everyday life. In other words, without controls to manage data that is sent, this will remain a reality.

Disgruntled/Intentional employee acts

The intentional dissemination of information by an employee to a third party for financial gain or perhaps as revenge.

Malware

Phishing, suspicious links or malicious applications – all can lead to unsuspecting employees opening doors for data to leak out through file transfer or access of information on a device or network.

Not just email and USBs

Previously data leakage has predominantly occurred either through email and web tools, or through portable devices like USBs or laptops. However, the increase in hybrid working due to Covid-19 means employees share more conversations and documents over messaging applications like WhatsApp, WeChat, Signal, Telegram and LINE. These conversations have become a new channel that IT Departments must consider in their Data Loss Prevention programs.

What should organizations do?

Realistically, there are five key elements that corporates should consider in a data loss prevention program for messaging applications:

  • Restrict classes of documents

The organization must consider a robust process of categorizing documents depending on whether they can be shared internally or externally. Additionally, they should ensure the messaging system that processes the information can recognize these categories. Ideally it should prevent any internal documents from being shared with external parties.

  • Hierarchical sharing

In some regulatory jurisdictions there are rules on who can share what information externally. Corporates should consider who has the rights to share information externally and under what circumstances. They need a system that can set these rules in place, manage them and prevent any breaches of these conditions.

  • File type

Often enterprises have corporate guidelines about what kinds of files an employee can share with external parties. For example, an organization could ban employees from sending video or emojis or photos. The organization needs to decide what file types are appropriate and ensure there is a system to prevent inappropriate file types from being shared.

  • Role and Geography

Similarly, hierarchical role and geography are important considerations. What information can be shared, with whom, by whom and where? Are there geographic limitations, or limitations on which project teams can be in the same chat groups where information is shared? Organizations need a system that can implement not only ethical walls but also rules to ensure that information can be shared only with the right people in the right companies in the right geographies.

  • Proactive rules, controls and real-time monitoring

The proactive setting of rules and controls around what information can and, importantly, cannot be sent externally is vital, as is control over who can send information. Setting these rules in messaging applications is difficult. However, with a platform like LeapXpert’s Federated Messaging Orchestration Platform it is easy and very customizable. Real-time monitoring of messaging conversations is essential: discovering after the fact that inappropriate information has been shared is not helpful. Preventive controls and real-time alerts give enterprises the chance not only to prevent breaches but also to alert IT teams in real time if a breach occurs.
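
One way to express the five elements above as a single pre-send check, shown as an added example (it is not LeapXpert's code or any product's API). Every label, role, team, organization and region in it is a constructed assumption.

```python
import os
from dataclasses import dataclass

# Every label, role, team, organization and region below is a constructed sample.
EXTERNAL_OK_LABELS = {"public", "client-shareable"}       # document classes
EXTERNAL_SHARE_ROLES = {"relationship-manager"}           # who may share externally
BLOCKED_EXTENSIONS = {".mp4", ".mov", ".jpg", ".png"}     # banned file types
ETHICAL_WALLS = {("m&a", "example-capital")}              # (sender team, recipient org)
ALLOWED_REGIONS = {"HK": {"HK", "SG"}, "UK": {"UK"}}      # sender -> recipient regions

@dataclass
class Outbound:
    sender_role: str
    sender_team: str
    sender_region: str
    recipient_org: str
    recipient_region: str
    external: bool
    filename: str
    label: str  # classification label; "" when the document was never labelled

def evaluate(msg: Outbound) -> list:
    """Return the names of every rule the message violates (empty list = allow)."""
    if not msg.external:
        return []  # these rules govern external sharing only
    violations = []
    # Fail closed: an unlabelled or unknown class is treated as internal-only.
    if msg.label not in EXTERNAL_OK_LABELS:
        violations.append("classification")
    if msg.sender_role not in EXTERNAL_SHARE_ROLES:
        violations.append("sender-rights")
    # Only the final extension counts, so "notes.pdf.MP4" is still a video.
    if os.path.splitext(msg.filename.lower())[1] in BLOCKED_EXTENSIONS:
        violations.append("file-type")
    if (msg.sender_team, msg.recipient_org) in ETHICAL_WALLS:
        violations.append("ethical-wall")
    # Fail closed: a sender region with no entry may not send anywhere.
    if msg.recipient_region not in ALLOWED_REGIONS.get(msg.sender_region, set()):
        violations.append("geography")
    return violations

def enforce(msg: Outbound, alerts: list) -> bool:
    """Decide before delivery; on a block, queue a real-time alert for the IT team."""
    violations = evaluate(msg)
    if violations:
        alerts.append({"file": msg.filename, "to": msg.recipient_org,
                       "violations": violations})
    return not violations
```

Reporting every violated rule, rather than stopping at the first, gives the alert enough detail for triage, and the two fail-closed defaults mean an unlabelled document or an unmapped region is blocked rather than silently allowed.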

What is the future?

As more and more employees communicate with customers over messaging applications and with more messaging applications becoming prevalent, organizations need to have appropriate systems in place to ensure that data leakage doesn’t become a problem on these channels.

For instance, LeapXpert’s Federated Messaging Orchestration Platform has robust options for organizations that want to prevent data leakage to unauthorized parties over messaging applications. This includes Data Loss Prevention tools, ethical walls, hierarchical and role-based permissions, file restrictions and keyword restrictions.

To discover more about how LeapXpert helps organizations around the world to mitigate data leakage over messaging applications, talk to one of our experts.

Learn more about the pros and cons of messaging applications for enterprises.

This is the first part of our series on security including malware for mobile messaging applications. Stay tuned!
