Refresh your news feed and you will often see that yet another company has become the victim of a data leak. Today, most companies store sensitive information electronically, making data leaks a major concern. Information security is becoming more important than ever.
Data Leak vs. Data Breach
So, what is a data leak? Data leaks and data breaches both involve exposure of sensitive information. The main distinction, though, is that data leaks are caused internally, usually unintentionally. Data breaches, on the other hand, are intentionally caused by external actors. The most frequent causes of both, however, are a lack of employee training and poor information security.
Because they involve external bad actors intentionally breaching a system to attack your data, data breaches are more nefarious than data leaks. But just because a data leak isn’t as sinister in origin doesn’t mean its consequences are any less severe. Criminals often use information from data leaks for data breaches.
You may recall from your news feed earlier this year that Samsung became one of the higher-profile examples of a company suffering a data leak.[1] In Samsung’s case, employees shared sensitive source code with ChatGPT to have the generative AI app check for errors. Employees also tried using ChatGPT to convert a recording of a meeting into notes. This information is now available on the internet. ChatGPT is becoming increasingly popular for summarizing documents, which is a concern, particularly for privacy professionals worried about exposing personal information.
Types of Leaks
- Confidential Information: These leaks can include a company’s financial data, trade secrets, and other proprietary business information.
- Intellectual Property: These leaks involve a company’s patents, trademarks, copyrights, and trade secrets.
- Personal Information: These leaks include customer and employee information. This data type typically includes names, addresses, or credit card information.
All types of leaks can have devastating consequences, including damage to a company’s reputation, loss of customers, legal fees, and revenue loss, to name a few.
Data Leak Prevention
It is important to be proactive to prevent data leaks from happening. Here are some things companies can do:
- Monitor Network Traffic: Increase your network traffic monitoring. Increased monitoring may help identify suspicious activity and pinpoint security vulnerabilities.
- Restrict Access: Sensitive or confidential data shouldn’t be accessed by those who don’t require it. Companies should only grant access to employees who require access to sensitive information and are trained to safeguard this data.
- Multifactor Identification: It is always a good policy to have strong password requirements for company employees. Implementing multifactor identification ensures that password leaks themselves don’t cause a breach.
- Training: Employers need to train employees to recognize the tricky tactics cybercriminals use, particularly for email phishing. Suspicious emails should be reported to your company’s security team. Regular security training keeps security top-of-mind for employees.
- Vendor Risk Assessments: Unfortunately, your vendors may not take cybersecurity seriously. Risk questionnaires can be used to determine third-party security risks. Companies should evaluate each vendor’s security risks and ensure they comply with regulatory standards.
[1] Mashable SEA. Whoops, Samsung Workers Accidentally Leaked Trade Secrets via ChatGPT. April 6, 2023.
Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.