What Is Data Leakage and Why Should You Care?
What is data leakage? “Data leakage” refers to the unauthorized passage of data or information from inside an organization to a destination outside its secured network. Data leakage can refer to electronic data, which can be transmitted via the web; or physical data, which can be stored and moved on devices like USB sticks or hard drives. Data leakage is one of the most important aspects of cybersecurity businesses have to consider today and can be avoided through the use of tools and education.
If you have never asked yourself, “What is data leakage?”, then there’s no better time than the present.
Data leakage is a concern that has been growing in prevalence since COVID hit last year. As businesses were forced out of their offices, they had to adopt and implement technology that allowed them to continue operating.
For many, this meant rolling out communication solutions like Zoom and collaboration tools like Google Hangouts, Slack, and Microsoft Teams.
So, What’s the Problem?
The issue with many organizations adopting these new tech solutions was that, from a security standpoint, a lot of companies inadvertently introduced vulnerabilities into their data and information by not establishing comprehensive protocols for their cybersecurity.
This isn’t necessarily an issue of the business itself, but instead an indication of the challenges that new working circumstances have brought on organizations—especially those that built their communications tech stacks on the fly.
The Severity of Cybercrime Today
The cybercrime “industry” has grown from $3 trillion to $6 trillion today—if the costs of cybercrime were the economy of a country, it would be the third largest in the world.
Since the beginning of the pandemic, there has been a 300% increase in the number of cyberattacks being committed, and SMBs are the most likely to be unprepared to face these attacks.
Not only do they lack the resources and knowledge to counter increasingly sophisticated attacks, but more often than not smaller organizations don’t have a plan for protecting themselves in the future.
Half of all SMBs reported at least one cyberattack in the last year, and 65% of them failed to act or follow up in the wake of an attack.
This is an enormous problem for small and midsized businesses, particularly today when the margins are razor thin.
It’s often simply too costly for a company to be on the receiving end of a cyberattack, but, worryingly, many are seemingly opting to ignore the dangers rather than address them head-on, often in an attempt to ease their financial pressures.
Business leaders and decision makers should ask themselves if it’s really worth the cost to not properly protect themselves and prepare for the worst.
A 2020 study showed that, once breached, 25% of SMB owners had to spend $10,000 or more to resolve the attack, which can be devastating for an SMB—43% of SMB owners have no cybersecurity defense plan in place at all.
The Human Factor
Employees are the biggest threat to a company’s data, and with so many workers operating outside of secure corporate networks, this threat is growing.
As much as cybercriminals have improved their methods and tools for stealing data and information, it is often sadly the case that a worker will be the one to inadvertently deliver it to them.
One of the reasons phishing is such a successful technique is that it preys on people’s fears and manipulates them into handing over data, often via email or through a phony website.
These types of attacks work on a law of averages approach—attackers send emails knowing that eventually someone will fall victim to them; that could be your business.
Phishing attacks increased 667% in the immediate wake of the pandemic and haven’t gone down since. Now in 2021, there are warnings from experts of COVID vaccine scams as cybercriminals continue to look for avenues of attack this year.
Weak Employee Credentials Are a Cybercriminal’s Best Friend
The human factor in cybersecurity is more apparent than ever, and this is what’s causing data leakage for organizations on a wide scale throughout the country.
IBM found in 2020 that stolen and compromised credentials are the most common causes of breaches in companies, representing nearly 40% of all malicious incidents.
Many of the issues (including breaches) that arise from human error often occur as a direct result of poor credential policies within a business—in effect setting employees up for failure.
From a data leakage perspective, overlooking basic aspects of cybersecurity like quality authentication and access control to your data and information is just asking for trouble.
In fact, in a recent rare letter to business executives, the White House specifically recommended that organizations segment their data between departments in order to avoid a situation in which once an attacker has access to one system, they have access to everything—a common pitfall that causes incredibly costly data breaches.
In a separate study, IBM found that the average cost of a data breach for a business was $3.86 million, while the time it took for companies to identify data leakages averaged over nine months.
This emphasizes the need for organizations to understand how data leakage occurs and to help their employees succeed in not falling victim to attack by ensuring the appropriate security policies for data (especially with regard to authentication and access controls) are in place.
How Does This Relate to a Typical SMB?
As we mentioned earlier, much of the US workforce has relocated outside the office.
A December 2020 study by Upwork found that 42% of American workers worked remotely. By 2025, they estimate that 22% of Americans will be working remotely full-time, an increase of 87% from the pre-pandemic days.
While many businesses anticipated that the pandemic would eventually end and workers would return to the office, it’s now becoming apparent that the trend of working remotely will only continue to evolve and become more pervasive in business.
In fact, 74% of companies plan to permanently shift to more remote work after the pandemic, and current trends suggest that by the year 2028, 73% of all teams within businesses will have remote workers in their ranks.
In other words, businesses must prepare for remote work and all of its associated challenges, if not to protect their organization, then to ready themselves for the inevitable direction working lives are beginning to take.
As part of these considerations, it’s important to recognize that the risk of data leakage increases significantly with the addition of remote workers. Businesses shifting toward remote work should therefore be sure they have the protections in place that will help them avoid breaches.
What Does This Mean for SMBs Moving Forward?
The current state of remote work, SMB tech stacks, and cybercrime paints a fairly grim picture as far as small and midsized businesses are concerned.
If you are a small business and you’re concerned about data leakage and the general security of your business data, there are steps you can take to ensure your operations are safer.
1. Make sure your UCaaS solution protects your data
Unified communication solutions, like Google Hangouts and Microsoft Teams, are not created equal. For example, Teams and Slack will encrypt data at rest in their data centers, while Zoom only encrypted data in transit for several years, only employing end-to-end encryption towards the end of 2020.
This is not to say one is better than the other, just that businesses should have a clear awareness of the security features of their tech tools and assess whether they are comprehensive enough for their operations.
Make sure you know exactly where you stand when it comes to your communication tools and their associated data protection methods.
2. Educate your workforce
Employees are a weak link in a company’s cyber defense, as we noted above. Utilize security awareness programs that educate them and improve their vigilance, so they’re not caught out by phishing attempts.
The importance of security awareness as a component of a wider cybersecurity defense should not be understated.
It’s common for businesses to invest in cybersecurity technology while neglecting to properly educate their workforces on how to avoid being the victim of a breach.
The number of businesses investing in security awareness is an issue, with as many as 47% not utilizing training at all.
3. Ask yourself if your endpoints are secured appropriately
Endpoints can be mobile phones, laptops, or tablets: any device that’s connected and accessing company data. Many of these endpoints are not properly provisioned and lack adequate security to be accessing organization data remotely.
Consider whether you need a tool like an MDM solution that can help you manage, update, and secure (and in some circumstances even wipe) these devices.
The same cybersecurity challenges that persisted throughout 2020 are still very much prevalent today.
The combination of a remote workforce, poor preparation by companies, and the vulnerabilities that ensue from these means that SMBs in particular are at acute risk of becoming victims of cybercrime.
Small and midsized businesses should avoid slipping into the naïve thought process that they won’t be the ones who are attacked (evidence strongly suggests the contrary) and instead take a closer look at whether their solutions and protocols are sufficient to protect their company data from harm.
Many SMBs are receiving cybersecurity audits for exactly this, and it’s important for organizations to have a firm understanding of where they stand for this year and years to come.