In general, the data reveal two main ways: First, companies are not robust network environment will lead to data leakage, such as enterprise networks have been hackers, Trojans, and virus attacks; second is the enterprise's internal staff intentional, unintentional result of leakage of confidential information. According to the latest in IT security survey report, internal staff carelessness is by far the biggest threat to corporate data leaks, the resulting data security incidents as high as 68%. The report pointed out that all of the data leakage cases, less than 5% and 10% use encryption to protect a password-protected. This means that a lot of leaked data not encrypted or password protected. As for the means of data leaks, the report said that mistakes were accounted for 35% of the malicious hacker attacks and internal theft accounts for about 45%, of which the proportion of internal theft as high as 20%. From these statistical data can clearly see the corporate data leakage channels in addition to external hackers attacks, internal staff negligence and illegal to steal even more should not be ignored.
The statistics we can see from this report, the current data leakage accidents caused by a variety of factors. This paper will focus on internal staff from human error and intentional theft of the angle, and then put forward to prevent data leakage caused by internal staff recommendations and strategies. Other leakage problems, such as hacker attacks, Trojans, lost or laptop USB data leakage caused by such issues, this article will not be discussed in detail.
Why is a result of leakage of internal staff can be so serious?
Many companies consider data leaks when the first reaction, that is, how to guard against external threats and attacks. Therefore, many enterprises in the IT security of inputs will be focused on the anti-virus and prevent network attacks, as well as spam filtering and Web content filtering to protect against external threats. For example, companies will deploy a number of hardware and software protective measures, such as VPN, firewall, or use Network Monitor to provide an audit trail in order to prevent improper access to the outside world within the confidential information. But with these external threats and attacks defense network environment does not mean companies can sit back and relax. Because these practices are only able to reduce the risk from the outside to prevent eavesdropping or hacking have been, but is unable to prevent the deliberate or accidental release of internal information.
Because as the saying goes: "strong fortress is often compromised in-house." It is regrettable, very few companies are able to realize that the threat from within the enterprise could be bigger. According to an IDC survey data security, internal employee data leakage risks have become one of the important risk facing enterprises, and promoted to third grade, only slightly lower than Trojan viruses, attacks by hackers. For example, the data have access to employees, partners, consultants and those who can access the secure network of personnel, may have the opportunity through a variety of channels to obtain critical information and data, and may be sent to the enterprises. The report indicates the main way these data leaks, including the deliberate violation of the policy, or the accidental loss of data, for example, there are important data lost mobile storage device.
Thus, in the prevention of the threat of data leakage issues, corporate in-house staff face a bigger challenge. Insider theft of trade secrets, there are two main incentives: First, access to money; second, is the ability to obtain commercial advantage. The latter reflects the more ready to quit for a number of employees, but such cases after the departure of most of the staff have not been discovered. Can be seen, the internal threat is a difficult problem of data security management, especially in those who have deliberately data collection staff and the licensed rights management staff especially. Therefore, IT data security management In addition to regular anti-virus, IT hardware and software, the enterprises also need to perfect the relevant systems and personnel so as to ensure the security of confidential data.
|
