About the author
Roland Thomas
Associate Director | Corporate Development
Roland is an Associate Director in Thomas Murray’s Corporate Development team. He joined Thomas Murray in 2018 with responsibility for group strategy, partnerships and corporate finance. More recently, Roland’s role has focused on establishing Thomas Murray’s cyber risk business, starting in 2021 with the launch of our Orbit Security platform, and the development of our expert cyber risk consultancy. Roland has a BA in English Language and Literature from Oxford University.
In this article:
- What is data security?
- What is a data leak?
- What is data leak detection software?
What is data security?
The modern organisation is data driven, but data is also a risk factor. Data security is all about protecting data from wrongful access, disclosure, alteration, destruction, or any other harm or misuse. It is a blanket term to describe the measures, practices, and technologies used to safeguard data throughout its lifecycle. Without data security, the risk of cyber threats and data breaches increases.
Staying on top of your cyber security risks means that your due diligence must also include interrogating the way your third parties handle data.
Key aspects of data security
Data confidentiality ensures that only authorised people or systems can access and view sensitive or private information. Access controls, encryption, and secure transmission methods are all great tools for avoiding potential cyber risks.
Data integrity ensures that data remains accurate, consistent, and unaltered throughout its lifecycle. Data integrity measures involve safeguards to prevent unapproved changes or corruption. You can verify data integrity with techniques such as checksums, digital signatures, and data validation.
Data availability ensures that authorised users have timely and constant access to data when needed. Availability measures involve implementing redundant systems, backups, disaster recovery plans, and robust infrastructure to prevent data loss or disruptions.
Authentication and access control refers to verifying the identity of users and granting access rights based on their roles and privileges. You can confirm user identities with things like passwords, biometrics, or two-factor authentication. Security teams use access control mechanisms, such as role-based access control (RBAC) or access control lists (ACLs).
Encryption encodes data in a way that only authorised parties can decrypt and understand. Encryption keeps the data private and prevents unauthorised access or interception of data during transmission (in transit) or storage (at rest).
Security policies and procedures define your security standards, guidelines, and best practices. Regular training and awareness programs ensure that people understand and adhere to these policies.
These policies address data handling, access control, incident response, and other security-related aspects. Even though the terms used may be unfamiliar to many people, make the policies easy to understand. Try to keep the information relevant. For example, does the policy need to explain the Factor Analysis of Information Risk (FAIR) model?
Regular data backups and recovery procedures are essential for data security, and industry standards may require them. You can restore your data in cases of accidental deletion, hardware failures, or data corruption. Store your backup copies securely.
Continuous monitoring and auditing of data systems, networks, and activities help detect and prevent security incidents. Monitoring tools and techniques identify unusual or suspicious activities that may indicate security breaches. Auditing helps ensure compliance with security policies and regulatory requirements.
What is a data leak?
Data leaks are a breach of data security. They happen when secure information is exposed, whether online or offline. Data leaks (or data breaches/data exposure) often result from ransomware attacks, human error, or technical faults in security systems. They can also happen if physical documents are lost or stolen.
Data that qualifies as a digital asset is a major vulnerability for most organisations. In some ways, security teams find data harder to manage than an attack surface. People can be manipulated, and they make mistakes. Threat actors know that this makes people great entry points to sensitive data.
For example, in 2023 the Police Service of Northern Ireland (PSNI) suffered a “catastrophic” data leak because of human error. The service sent too much information in answer to a Freedom of Information request. In a separate incident the same year, a laptop, radio and documents were stolen from a PSNI superintendent’s car.
Common causes of data leaks
Unauthorised access: Someone gains access they shouldn’t have to systems, networks, or databases containing sensitive information. They can then extract, copy, or download the data for their own purposes. Even if you trust everyone in your organisation, you still need access controls.
Insider threats: Someone with legitimate access to sensitive data can misuse their privileges or leak the information on purpose. Motivations include personal gain (either financial or career advancement), revenge, ideology, or pure malice.
Hacking and cyber-attacks: External threat actors can exploit vulnerabilities in systems or networks to access your sensitive data. They might use sophisticated techniques such as hacking, malware infections, SQL injection, or the exploitation of software vulnerabilities.
Lost or stolen devices: These can have information stored on them that may be more valuable than the devices themselves. You should also make sure that people log out of internet-facing assets on portable devices, for example, while they're commuting.
Internet-facing assets are your online programs and services. These are a large part of your attack surface, so should be included in your attack surface management and your vulnerability management.
Fortunately, the PSNI could remotely disable the stolen laptop and radio. But the thieves also took hardcopy files. In addition to encryption and access controls, you need a strict protocol for handling and transporting devices and documents.
Social engineering: Threat actors can find it surprisingly easy to trick you into sharing personal information. ChatGPT and deepfake voice technology, to take two examples, are being used in phishing emails and phone calls.
Weak security controls: Even now, many organisations are vulnerable to cyber-attacks because they ignore the basics. Improving your security posture could be as easy as making sure people don’t share passwords and login details.
Easily guessed passwords, unpatched software, misconfigured systems and a lack of encryption remain shockingly common. In 2018, the UK Information Commissioner’s Office fined the British and Foreign Bible Society £100,000. Hackers guessed an old password and accessed donor information.
The impact of data leaks can’t be overstated. The PSNI data breach put the physical safety of hundreds of officers at risk.
Proactive measures to prevent data leaks are essential:
- strong security controls;
- access management;
- encryption;
- regular security assessments; and
- people training.
Just as important are thorough incident response plans and procedures that will help you to respond swiftly and effectively.
What is data leak detection software?
Data leak detection software, sometimes called data loss prevention (DLP) software, helps you to identify, monitor, and mitigate the risk of data leaks in real time. It does this by monitoring the data in three stages:
- in transit;
- at rest; and
- in use.
Typical features and capabilities of data leak detection software
Content monitoring: The software monitors and analyses documents, emails, file transfers, and database queries. It identifies sensitive information, including personally identifiable information (PII), financial data, intellectual property, or other confidential data. It uses predefined data patterns, regular expressions, and algorithms to identify and classify sensitive information.
Policy enforcement: DLP software helps you to define and enforce policies that govern how sensitive data should be handled and transmitted. Policies may include restrictions on data sharing, encryption requirements, access controls, and acceptable use guidelines. The software monitors data flows and enforces policy compliance, generating alerts or blocking unauthorised transfers.
Data discovery and classification: The software scans and analyses data to discover sensitive information and classify it based on predefined criteria. This helps your organisation to get real insights into its data landscape, understand data sensitivity levels, and apply appropriate security controls.
User and entity behaviour analytics (UEBA): Advanced data leak detection solutions incorporate UEBA capabilities to identify unusual user behaviour. UEBA searches for signs of internal threats or data theft, known as ‘data exfiltration.’ It analyses user activities, such as their access patterns, how much data they’re accessing (data access levels), and data transfer volumes, looking for anomalies or suspicious activities.
Data loss prevention policies: The software lets your organisation create custom policies and rules based on its specific data protection needs. These policies outline the actions to take when sensitive data is detected, such as:
- blocking or quarantining data;
- sending alerts to administrators; or
- triggering automated responses.
Data encryption and masking: Data leak detection software often includes encryption and data masking capabilities to protect sensitive information. Encryption safeguards data during transmission and storage. Data masking, on the other hand, substitutes sensitive information with fictional or hidden values. This allows you to use realistic data without exposing sensitive details.
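The content monitoring, policy action and data masking features described above can be sketched in a few lines. This is an added example, not code from this article or from any DLP product: the patterns, function names and block/alert policy are assumptions chosen for illustration, and the sample message is constructed.

```python
import re

# Constructed patterns for illustration; real DLP products ship far larger rule sets.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(text: str):
    """Return (kind, start, end, matched_text) findings, ordered by position."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("payment_card", m.start(), m.end(), m.group()))
    for m in EMAIL_RE.finditer(text):
        findings.append(("email", m.start(), m.end(), m.group()))
    return sorted(findings, key=lambda f: f[1])

def mask(text: str, findings) -> str:
    """Replace each finding with a masked value, keeping the last 4 card digits."""
    out, pos = [], 0
    for kind, start, end, value in findings:
        out.append(text[pos:start])
        if kind == "payment_card":
            digits = re.sub(r"\D", "", value)
            out.append("*" * (len(digits) - 4) + digits[-4:])
        else:
            out.append("[email redacted]")
        pos = end
    out.append(text[pos:])
    return "".join(out)

def decide(findings) -> str:
    """Hypothetical policy: block card data, alert on other PII, else allow."""
    kinds = {f[0] for f in findings}
    if "payment_card" in kinds:
        return "block"
    return "alert" if kinds else "allow"

# Constructed sample message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = "Refund to 4111 1111 1111 1111 for jane.doe@example.com, order 1234567890123456."
```

The 16-digit order number in the sample fails the Luhn check and is left alone, which shows why pattern matching is paired with validation to keep false positives down.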
Incident response and reporting: The software provides incident management features, enabling your organisation to respond quickly to data leaks. It generates detailed reports and logs for compliance purposes, incident analysis, and auditing. This helps when you’re investigating incidents, tracking data flows, and demonstrating compliance with data protection regulations.
Data leak detection software is important for protecting sensitive data, following regulations, and preventing damage from data breaches. It helps you to protect your data and keep control over sensitive information on different devices, networks, and storage systems.