Imagine that your child, or a child that you're babysitting, comes to you and says that they "accidentally" spilled something. You've warned them to be careful, but they wouldn't listen! Would you be able to trust that they were telling you the truth?
Of course not, right?
Data spillage is more than a simple accident - it is the result of incompetence, mistakes, or outright carelessness. You won't be able to say that you weren't warned or equipped to prevent this from happening.
Ask yourself this question: "Am I absolutely confident that ALL of our confidential information is in the right hands?"
If you didn't immediately answer "Yes," then don't stop reading this post until you've received a solid education in Data Security 101.
What is Data Spillage?
The first time that you heard about data spillage it was likely called a "data leak" or "data breach." The problem with these terms is that they imply that the person who exposed the data did so by hacking into the system. The truth is that those "hackers" didn't have to work hard to get what they wanted.
Illegal activity aside, data spillage happens when confidential information finds its way to another location where unauthorized individuals can gain access.
The majority of data spillage is innocent. There are few incidents of people walking out the door with terabytes of information stuffed into their pockets.
Are There Different Types of Data Spills?
Do you know the difference between first-degree and second-degree murder? If you're charged with the first, you planned to kill someone before you shot them. The second means that you didn't plan to run over someone, but you ran that red light anyway.
There are different "degrees" of data spills, also.
Inadvertent
An inadvertent data spill is a mistake that could not have been predicted under reasonable circumstances. The person who leaks this data did not have a logical reason to believe that the actions they took would leak data to others. If you're guilty of this, you're only guilty of being ignorant.
Willful
You're the guilty one and you knew that your outright disregard for proper procedure created a data spill. It's also possible that you hacked your way into sensitive information that you were never meant to access. If you are this person, either turn yourself in or run for the border.
Negligent
If you're guilty of a negligent data spill, you were aware that doing (or not doing) a particular action would result in spillage. You either ignored procedures or didn't pay attention to detail.
How Can I Prevent Data Spillage?
Three things are inevitable in life: death, taxes, and data spillage.
That doesn't mean that you can't do your best to limit the problem to the best of your ability, though. Data security experts agree on these best practices:
1. Identify and Classify Confidential Information
There is no such thing as a general agreement on what is confidential and what is not. A business or organization has a responsibility to classify sensitive information. At the rate we exchange data, that's a definition that's constantly evolving.
This is an important step to get right, so do your homework.
2. Monitor Network Access and Activity
Do you feel confident that you can track all activity going in and out of your company's network? If you feel confident, you're already using Data Activity Monitoring (DAM) software for your company.
Don't forget the DAM software!
3. Raise Awareness
It takes compliance from humans to prevent data spillage. If that sentence terrified you as much as it should have, start making plans today to educate everyone. You need a strategy, but you need everyone's cooperation more.
In other words, spread the word and get everyone to believe.
4. Don't Be Afraid to Block Access
Yes, you have to do this even if it means a loss in productivity. A temporary loss in efficiency is nothing compared to an embarrassing and public data spillage.
Would you be willing to put the company's reputation and livelihood on the line because the CEO is screaming bloody murder? We empathize with the situation, but the truth is that data security experts have to be ready to speak truth to power.
I Discovered Data Leakage, What Now?
Best practices will protect you from personal liability, but the cold hard truth is that this is going to happen. As with most things in life or business, what matters is how you react to the problem. And as far as data spillage goes, the best defense is a strong offense.
1. Verify the Leak
I do not mean to suggest that you should keep data spillage secret. If you verify that data has leaked, you are responsible for informing everyone involved. People and organizations need to take necessary precautions to protect themselves afterward.
2. Find the Breach, Contain It, and Preserve Evidence
Law enforcement will ask about this and you will want to have solid answers. Some breaches are easier to contain than others, but a more extensive problem is inevitable if you don't take action.
3. Report What Happened
Not all cases of data leakage require going to the police. If you have reason to believe someone committed a criminal act, then you must report the incident.
4. Recover and Sanitize
Start recovery procedures and sanitize your environment with prejudice. You need to be certain that the contaminated hardware or software within your control is clean.
The big online security providers offer software for this step, but there is a Norton alternative product that permanently deletes files.
Restore the appropriate media to an acceptable state and show that you took active steps to prevent the same thing from happening again.
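Steps 2 and 4 only work in that order: record what was spilled before you wipe it. The sketch below is an added example, not part of the original post; the function names and the manifest layout are assumptions, and a single in-place overwrite is best-effort only on SSDs and copy-on-write filesystems.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large spilled files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def preserve_then_sanitize(paths, manifest_path):
    """Record each spilled file in a manifest, then overwrite and delete it (hypothetical helper)."""
    records = []
    for path in paths:
        records.append({
            "path": os.path.abspath(path),
            "size": os.path.getsize(path),
            "sha256": sha256_file(path),
        })
    # Write the manifest before touching any file, so the record survives a failed wipe.
    with open(manifest_path, "w") as m:
        json.dump(records, m, indent=2)
    for rec in records:
        with open(rec["path"], "r+b") as f:
            # One zero pass over the old contents; chunk this write for very large files.
            f.write(b"\0" * rec["size"])
            f.flush()
            os.fsync(f.fileno())
        os.remove(rec["path"])
        rec["removed"] = not os.path.exists(rec["path"])
    return records


def demo():
    """Run against a constructed sample file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        spilled = os.path.join(d, "payroll_export.csv")
        with open(spilled, "wb") as f:
            f.write(b"name,salary\nexample,1\n")  # constructed sample data
        return preserve_then_sanitize([spilled], os.path.join(d, "manifest.json"))
```

Keep the manifest somewhere other than the contaminated system, since it is what you hand over when asked what was removed and when.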
I Need to Know More About Data Spillage
Data spillage is a major problem, so you need to have a plan to protect your business and recover any leaked data. Make sure your business is prepared for data leaks, or it might not be around much longer! There's no use crying over spilled milk, but there will be a lot to cry about over data spillage.