A Data Spill, or Data Leak, is the accidental or deliberate exposure of information into an unauthorized environment. Data spillage is often the result of hackers breaking into company networks and systems who then steal sensitive information to sell on the Dark Web. Sensitive information can includes things like Social Security Numbers, credit card numbers, banking information, health information, or login credentials (usernames and passwords).
While hackers can put critical data in the wrong hands, employees can too. Employee caused “data leaks” can be accidental such as when an employee mistakenly exposes critical or sensitive data to the Internet. These incidents may occur with zero malicious intent making the incident accidental in nature. Yet, they can still be very damaging to the company in question. Examples abound of accidental insider threats to your critical data. For example, when an employee:
On the other hand, some employee based data exposure events are entirely purposeful. Disgruntled employees can plant logic bombs that destroy data following termination. Other employees may need cash for some addiction (gambling, drugs, or sex for example), and may seek to sell your companies trade secrets to the competition for cash.
Source: Cyber.Gov.Au, NIST
Related Terms: Accidental Insider Threat, Hackers, Phishing
Additional Reading:
Amazon Investigating Employee Data Theft
7 Tips to Avoid Data Theft by Employees
SMBs are victims of too many cyberattacks. These breaches lead to reputation and financial damage for the SMB. The best way to reduce the likelihood of a Data Spill, through hackers or a disgruntled employee, is by educating your staff on best practices. Aware employees are more capable of identifying risky situations that could lead to a breach. They’re more likely to spot strange behaviors by employees who might be stealing data.
Educating your staff to be vigilant in watching for inside threats or mistakes is a critical piece of your SMB cybersecurity awareness program.
Here are a few prevention tips to reduce the risk of this happening:
There are other steps one can take, but the above actions represent a good starting place for SMB owners to building a strong cybersecurity program. With awareness comes better security.
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...
Read moreA recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.