Internal Threats

English
‘Discovering’ Critical Data Stored On The Endpoint

‘Discovering’ Critical Data Stored On The Endpoint

Ever wondered exactly how much data you have stored on your laptop?  It doesn’t take long to amass a gazillion files, some are ones you have authored, some have been sent by email, some are from the Intranet, some are from file shares, some are from the cloud, some are… well, they can (and do) come from everywhere.

You may also have multiple versions of the same file; from work in progress through to the final version… and you never deleted the old versions.  In fact, this is the problem. These days, no-one likes to throw anything away “just in case”.  Whether it’s a personal laptop or a company laptop, there will be a mass of data stored on your machine, much of which may contain sensitive information that needs to be appropriately protected in order to comply with regulatory compliance standards.

Files contain information, and many (or most) of the files you work on from your company will be considered company assets. Some files will be public, some will be private, some will be confidential, some will be for customers and some for business partners or suppliers.  The reality is, certain types of information poses a risk should it fall into the wrong hands. Even ‘old’ information has a value and if nothing else, could cause embarrassment, reputational damage or worse if it was exposed unauthorized. The solution is to understand what data you have stored, where it is stored and then put a plan in place to deal with it.

Clearswift’s Endpoint Data Loss Prevention (DLP) solution leverages the same Deep Content Inspection Engine (DCI) which is used in its core SECURE Gateway products. The DCI can be used to scan saved files (referred to as data at rest (DAR)) on various endpoints, to identify potential data breach risks or non-compliance with company policy.  For example, there may be spreadsheets containing PCI or PII data, or documents containing confidential company Intellectual Property that needs to be stored in a specific location or secured in a certain way.  Once critical information is ‘discovered’, there are options as to what can be done next.

In the first instance, organizations tend to run the data at rest scan to understand what is often referred to as an ‘unstructured data’ issue that exists within the organization.  It is possible to use all the usual tokens, such as Credit Card, Passport and Social Security Numbers and expressions, such as regular expressions, user-defined expressions and Boolean operations which are used in the Clearswift Gateway products, enabling identification and classification of multiple different types of files in one pass.

The most common action that is applied once critical information is discovered, is to set the system to move files containing critical information to a more secure location. For example, to a file server share with restricted access, leaving behind a ‘breadcrumb’ (a file with the same name) behind to inform the user of the action taken and where the file has been moved to. The policy can be very granular so as not to move files which are currently being worked on – which would effectively be a hindrance to business operation.

Searching for unstructured data doesn’t just apply to local drives on laptops. It can also be carried out on network and cloud file shares. For an organization to really get to grips with an unstructured data risk, it needs to leave no stone unturned in its quest to discover critical data at rest.

Due to the nature of critical information, there is some which is ‘standard’ over time, such as a credit card number, while other items, for example, project code names, evolve. Unlike backup, where once the file has been backed up, it need not be backed up again, DAR scanning can happen to the same files over and over again, as different things might be looked for.  Optimizations in the solution ensure that DAR scanning can be effectively done in the background so as not to impact the users’ productivity, and even when the laptop is disconnected from the network, the results are fed back the next time the device connects.

The Clearswift DAR scan functionality is fully integrated with its data-in-use (DIU) DLP functionality, ensuring that search criteria can be common, whether the data is stored on the disk or in use, for example, being copied to removable media. The integrated solution creates consistency, which is one of the key criteria when looking for an effective DLP solution.

The critical information on your computer, even if it is several years old, can create a business risk.  By undertaking regularly DAR scanning and moving it to a more secure location, the risk is minimized, keeping the business and the user safe.

By Dr. Guy Bunker

Additional Resources:

Clearswift Endpoint Data Loss Prevention

Clearswift Endpoint Data Loss Prevention

There are multiple places within your IT infrastructure where critical information is stored. These include email Inboxes, file servers, collaboration servers (some of which might be ‘in the cloud’) and endpoint devices.  All Clearswift solutions are designed to protect critical information from falling into unauthorized hands across all these different locations and channels.  Clearswift’s Endpoint Data Loss Prevention (DLP) solution is specifically designed to address the loss of critical information at the endpoint.

There are three key components of Clearswift Endpoint DLP.  The first is the ability to regulate what devices can be connected to a company network.  The second is the ability to control the copying of data (or files) to removable media, e.g. a personal device or USB stick and encrypt it if necessary. The third is to gain visibility of what critical information is stored on a company’s various endpoints that could create an issue should it fall into unauthorized hands and move it to a more secure location. 

Device Control

Clearswift has embedded its Deep Content Inspection (DCI) into a leading endpoint protection solution, enabling organizations to enhance security and data protection processes. Removable media, including personal devices and USB sticks, has become a key risk to organizations as it is so easy to transport large quantities of information onto a very small form. Furthermore, some devices can carry malware risks with them. Clearswift Endpoint DLP has enhanced device control functionality enabling an organization to define exactly what devices are allowed to be used and/or connected to the company network. The granularity can be used to regain control, so devices can be limited by device type, device manufacturer or all the way through to specific devices. Within the defense industry, this is becoming common practice with a very restricted number of devices allowed to be used within the department or organization.

Content Transfer Control & Encryption

So, while Clearswift Endpoint DLP enables devices to be restricted, so too can the files that are allowed to be copied to them. This is where the Clearswift DCI engine comes in play.  The DCI can ensure that no company files are copied to devices which would break company policy. By using the same DCI engine on the endpoint as is used in the other Clearswift solutions, it ensures consistency across the information it finds and acts upon.

Even when the content is approved to be copied or transferred, there is still one more step which is carried out. Encryption. Encrypting the removable media ensures that if the device is lost or stolen, then the data can’t be accessed and the organization remains compliant. When GDPR came into enforcement in May 2018, several organizations locked out all USB key access to the company network. While this is practical from a compliance perspective, it is not helpful day-to-day, where information frequently does need to be transferred via USB. With its triple layer of protection: device control, content control and encryption, Clearswift Endpoint DLP is there to keep you and your organization safe.

Discovering critical information ‘at rest’

The final piece that Clearswift Endpoint DLP enables is the ability to understand what information is on the device which could be a future issue. This could be made up of tens or hundreds of thousands of files stretching back over time. Some of these files may contain sensitive information and so need additional protection. Furthermore, Clearswift Endpoint DLP is not just for laptops.  It can be deployed to trawl through on-premise file servers or cloud-based file storage to check the content (data-at-rest) stored there, and move files with critical information to more secure locations if necessary.  It will leave behind a ‘breadcrumb’, to say the file was there – but has now moved, so as to reduce the IT support call “Help, my files have disappeared”.  This 'data discovery' piece provides information security managers with visibility of information security risks within their organization, so action can be taken to prevent data breaches occuring.

In today’s world of digital collaboration, the need to understand where information is located as well as enhancing data protection processes is more critical than ever. Clearswift Endpoint DLP has been designed to reduce the challenges of today’s IT environment and improve working practices to protect critical information wherever it is stored and however it is used.

Read more about the Clearswift Endpoint DLP and how it can benefit your organization here.

Insider Threat

GDPR and the Insider Threat: How new regulations are changing our data handling habits

The General Data Protection Regulation (GDPR) has been covered extensively over the past year and has come to sit at the forefront of employees’ mind. Having been implemented on 25th May 2018, the stories are dying down and it is now ingrained in day-to-day operational processes.

Two months down the line, however, has GDPR made an impact on the way organizations think about data?

Our latest Clearswift Insider Threat Index (CITI) research, which surveyed 400 senior IT decision makers in organizations of more than 1,000 employees across the United Kingdom, Germany, and the United States, suggests that it has made more employees aware of handling data sensitively, with the insider threat going down to 38%, a 4% decrease, in the UK. The trend continues when looking at the extended enterprise, with our research revealing this has gone down by 8% since 2017, now sitting at 65%.

In addition to the UK insider threat falling, Germany also presents the same trend, with employees being held responsible for 75% of cyber incidents, down from 80% last year. However, in the United States, a country outside of the direct GDPR jurisdiction, the insider threat is still on the rise with 80% of cyber incidents occurring due to the extended enterprise.

These findings suggest that EU countries are more aware of the insider threat, and organizations have taken action to ensure their employees are becoming better data citizens post-GDPR. While the threat is going down, it remains to be a high figure and the top cybersecurity threat to businesses. Therefore, organizations must continue with efforts to secure data and ensure that this trend continues year-on-year.

Continued education

Employees in every department hold some form of sensitive data and GDPR has been instrumental in getting this message across. However, now the regulation has died down from the headlines, it’s important that the message does not go by the wayside and old habits start to creep back in. Regular training seminars and tailored data security workshops will help keep employees up to date about how to safeguard the data they handle and motivate them to continue to care about the ramifications of a breach.

Follow the data protection plan

All the hard work to build an information security plan in preparation for GDPR should not go to waste. Compliance is ongoing, and processes will need to change with the business. Ensure employees are continuing to follow the plan and know how to report any incidents that occur. While the plan may change as the company learns from the different security challenges, it is important to ensure that any amends are communicated to staff and all are following protocol, whether that is reporting an insider incident or how they should be handling data on a daily basis.

Invest in data protection technologies

Whilst the risk of employees handling data has reduced, human error is still inevitable and the insider threat still remains high. To protect your organization from the insider threat, Clearswift’s Adaptive Data Loss Prevention (A-DLP) solution has the ability to inspect all content coming in and going out of the organization – whether through email or the web – to prevent any sensitive information being shared or exposed unauthorized. The document sanitization and adaptive redaction features ensure that GDPR compliance is upheld by scanning all emails and documents flowing in and out of the business, detecting and removing only the critical information which could cause a data breach. With this technology, businesses can ensure that critical information isn’t being sent inadvertently – or maliciously – by staff, and that unwanted inbound data acquisition is prevented.

Additional Information

Clearswift Insider Threat Index 2018

Adaptive Data Loss Prevention (A-DLP)

Shadow-IT

Cloud Storage, File Sharing Apps and GDPR: This Could Get Ugly Fast!

Cloud storage services and file sharing apps such as Dropbox, Box, Microsoft OneDrive and Google Drive are so widely adopted by employees—knowingly or unknowingly by their IT departments—that most don’t think twice about using them to share corporate information. A study by SkyHigh Networks found that the average enterprise uses 76 distinct file sharing cloud services and 18.1% of files uploaded contain sensitive data. While this was an issue before May 25th, 2018, that date now rings terror into the hearts of CIOs and IT departments as the date GDPR became enforceable. Although some of the services will be endorsed by the organization, many won’t and while the Shadow IT game of “hide-and-seek” continues to amuse IT teams, the implementation of GDPR ups the stakes as fines of 20 million EUR or 4% of global turnover (whichever the greater) are more than significant to all businesses.

Difficulty Mitigating GDPR Compliance

Repercussions of the European Union’s General Data Protection Regulation (GDPR) are far-reaching. One of the outcomes will require businesses to take the use of cloud storage and applications much more seriously. Not only will businesses need to know which—and how—cloud storage and file sharing apps are being used by their employees, they also must ensure that either the cloud services in use are compliant and integrated into their GDPR processes (i.e., right to erasure / forgotten) or the flows of data to them are inspected and scrubbed of personal information.

Compliance isn’t simply for companies and individuals in the EU; GDPR applies to any company anywhere in the world that processes personal data related to EU citizens.

Shadow IT: Out of Sight, Out of Mind

The majority of executives and IT managers say they are unaware of how many unauthorized cloud or shadow cloud apps and services are being used, even though Gartner has estimated that by 2020 more than 30% of successful cyber-attacks will happen through Shadow IT. Out-of-sight-out-of-mind thinking masks reality, as they simply don’t know which file sharing apps being used. Furthermore, since data is stored offsite by a cloud service provider they believe that they have nothing to worry about. But the opposite is the case, the business retains primary responsibility. Interestingly the GDPR concept of shared responsibility should mean that the cloud service provider should be more concerned with the data they store, but as yet they are not. Organizations must work with their employees and cloud service providers to ensure compliance with GDPR.

How many applications do you have on your mobile phone? How many of those are endorsed by the company? How many have access to data such as contacts or saved documents? Now multiply that by the number of employees you have, and you start to see the magnitude of the issue. Even within a small company, there could be 1000s of applications which are ‘hidden’ from IT (and compliance), but which create risk.

While some cloud and app vendors, including Google, have embraced GDPR, many others have not, and in this case ignoring those who haven’t because you do not ‘know’ about them is not a defense. Ignorance is not bliss.

Addressing the Cloud Storage and File Sharing Ugliness

All is not bleak when it comes to cloud storage and file sharing apps co-existing in a GDPR compliant environment. We have a three-step approach to GDPR compliance:

1)      Discover: Find out just how big the issue it. For Shadow IT, this is about discovering how widespread its use is.

2)      Secure: Secure the information from inappropriate sharing with unauthorized users.

3)      Govern: Compliance is an ongoing commitment to protect critical information.

When it comes to Shadow IT, leveraging a GDPR-enabled secure web gateway (or a simple GDPR ICAP add-on to your existing web proxy), businesses can:

  • Perform a Shadow IT audit for cloud services. Quickly detect all cloud storage services in use throughout the business.
  • Create a map of all web-based data flows containing personal data.  This is both into and out of the organization. Shared responsibility means you need to secure and protect sensitive information which is shared with you.
  • Track and trace GDPR data moving to the cloud. Inspect data moving to cloud storage in real-time for GDPR data. This includes often-overlooked sub-file, hidden and metadata information.
  • Automate GDPR policy enforcement. Analyze personal data to determine the appropriate GDPR policy based on data context, type, channel and sharing relationship.
  • Apply adaptive security. Institute required GDPR security measures (block, encrypt or redact) applied based on policy. Redaction removes only the GDPR personal data detected, allowing the rest of the content to go without delay, quarantines, and disruptions. This, in turn, eliminates false positives. 
  • Enable GDPR governance. Achieve transparent visibility into GDPR reports, policy violations and breach analysis to ensure compliance.

The CIO and IT department need to grab control of Shadow IT, before a compliance incident occurs. Discovering which services are used is the first step towards that control. IT should be seen as an enabler to cloud services, with recommendations of which services to use and how they can be used. They also need to stop the use of those services which put businesses at risk.

In all, when addressed with the right security processes and technologies in advance, cloud storage and file sharing applications can be controlled and become GDPR compliant, helping you to avoid an ugly mess and potentially huge fines.

Additional links:

Adaptive Security for Cloud https://www.clearswift.com/products/web-security-products#SWG

A guide to critical data protection in 2018 https://www.clearswift.com/sites/default/files/documents/Whitepapers/A_Guide_To_DLP_Whitepaper.pdf

Insider Threat

3 ways to protect your organization against the insider threat

Unless you’ve been living under a rock, you probably know that cyber-attacks are on the rise and hitting businesses hard. Over the past few years, swathes of high-profile attacks have dominated media headlines with eye-watering data-breach and lost revenue figures.

With global corporations, including Yahoo, Equifax and the NHS suffering devastating attacks, defending your organization might seem like a monumental task, especially if multimillion-dollar companies are struggling to defend against the sea of online threats. However, understanding where the threats are coming from and how incidents occur will give you the ability to protect your organization against them. 

Our latest research reveals that the extended enterprise (employees, customers, suppliers, and ex-employees) is responsible for 74% of cyber incidents. The research, which surveyed 600 business decision makers and 1,200 employees across the UK, US, Germany, and Australia, found that an organization’s employees alone – whether through malicious or accidental actions – made up 42% of incidents, providing organizations with a clear starting point in addressing their cyber security. 

Know thy enemy

Sun Tzu’s frequently quoted sentiment is as applicable to cyber security as it is to the art of war. Understanding the threat means being able to defeat it, and when it comes to defending your organization in the digital age, internal threats pose the biggest problem. In 2015, unknown parties, such as hackers and criminal cells carried out 33% of attacks on organizations – a figure that is now down to just 26%. The internal threat, however, is on the rise.

65% of these incidents are accidental or inadvertent rather than deliberate and make up the majority of internal threats. As most businesses believe their critical data predominantly lies in non-technical departments, such as finance (55%), HR (45%) and legal or compliance (43%), addressing employee use and education around data handling is the first of many steps to addressing the insider threat:  

  • Know where your data is and educate your employees

    Every department in a business holds personally identifiable data to a greater or lesser extent, whether it’s the payroll records handled by finance officers or the target audience data used by marketing executives. Employees in these departments must recognize the potential security dangers associated with the data they use. Regular training seminars and tailored data security workshops might seem like overkill but will help educate employees about how to safeguard the data they handle and motivate them to care about the ramifications of a breach. With GDPR fast approaching, these will become a necessity that organizations avoid at their peril.
  • Build remote working into the data protection plan

    A significant contributor to the insider threat lies in the blurring lines between personal and work-based technologies. Flexible working coupled with mobile work technologies such as laptops and smart phones means that critical data is being taken outside of the bounds of the workplace and, therefore, must be secured both remotely and locally. Remote working security training should be incorporated into the data security workshops and seminars as the two invariably overlap. What’s more, a remote working policy should be developed within the overall data handling policy.
  • Invest in data protection and breach prevention technologies

    Whilst the risk factor around employee handling of data can be reduced, human error is inevitable. To avoid this and comprehensively secure your organization, investment in Data Loss Prevention (DLP) tools, content inspection software and document sanitization and redaction are the biggest priorities in preventing data loss and can also be used to demonstrate compliance with GDPR legislation. With these technologies, businesses can ensure that critical information isn’t being sent inadvertently or maliciously by staff. What’s more, redaction and content inspection only remove the information that breaks policy, offering a flexible approach to efficient business operations.

Additional Information

Related Articles 

Microsoft deal is a start, but more needs to be done to protect the NHS from cyber threats

Microsoft deal is a start, but more needs to be done to protect the NHS from cyber threats

Following the recent WannaCry attack that affected so many organizations, both public and private, across the globe, many firms are now taking steps to protect themselves from potential threats in the future. One establishment in the UK that the WannaCry attack had ramifications for was the NHS. The incident meant multiple hospitals across England and Scotland had to cancel procedures after vital systems were brought down, with hackers demanding money to release the systems.

Needless to say, with such a high-profile public institution being breached, both media and public interest were piqued and questions asked about how this could have been prevented. Shockingly, it was revealed that many of the NHS networks were still running systems with Windows XP, an out of date operating system that is now highly vulnerable to attacks.

Running critical infrastructure on outdated software is incredibly risky, and needless to say the NHS (and others) paid the price for this. However, steps are now being taken to address this issue. It was recently announced that NHS Digital has signed an agreement with Microsoft to cover all NHS organizations with a centralized framework for the detection of malicious cyber activity, while also providing patches for all current Windows devices in the health service running on XP.

Successful and secure IT is all about investment. All too often maintenance falls by the wayside. Why would you spend money on something that isn’t broken? If the impact of WannaCry isn’t a good enough justification, then what is?

So, this announcement is a positive first step to ensuring the NHS is safe from cyber threats going forward. It goes without saying that ensuring IT systems are operating with the most up to date software is critical to keeping these devices safe and, through working with Microsoft, hopefully, this can be achieved.

However, NHS Digital needs to ensure that it does not consider this partnership as the solution to all its security issues. Simply updating endpoint systems is not enough. Other investments and partnerships are needed to protect the whole IT infrastructure and mitigate security risks going forward.

For example, the NHS should consider taking steps to ensure that breaches don’t occur from within the organization. Data becoming exposed from within firms is one of the primary reasons for cyber-security breaches – the more people who have access, the greater the risk. Research from Clearswift found that 88% of security professionals said they had experienced a security incident, and 73% of those attributed these to employees, ex-employees, contractors and partners. This is an alarming figure, and breaches coming from inside an organization are not going to be stopped solely by updating software to prevent external attacks.

So, what can the NHS do to make sure its systems are secure both inside and out?  Insider threats take many forms but ultimately revolve around the unauthorized movement of data. Therefore, the NHS must ensure that protection is centered on monitoring and preventing critical information from reaching unauthorized personnel. To do this, the health service should look to set up an information governance scheme which prevents data from being accessible and shareable by unauthorized staff. Policies need to be backed up by training and technology. For example, using an adaptive data loss prevention solution to redact critical information automatically to reduce the risk, while not obstructing communication flows, would help improve the security profile. Other adaptive security technology should also be deployed to remove ransomware threats, as well as mitigate other information borne risks. Some of these advanced solutions can be deployed without needing to ‘rip and replace’ what is already there. Clearswift has just launched our Data Protection+ initiative which enables organizations to augment their existing email and web solutions with our Adaptive Data Loss Prevention functionality – even if you don’t have a Clearswift SECURE Gateway.

Upgrading systems was a necessity for the NHS following the WannaCry breach and the deal with Microsoft is a start to preventing something similar from happening in the future. However, NHS Digital needs to understand that this isn’t a silver bullet and threats are far wider-ranging than just external hackers. Through ensuring that the systems and processes are in place to protect the NHS from threats, we can ensure that the health system continues to operate smoothly and citizen records are in safe hands, guaranteeing that this national institution is well guarded into the future.

Additional Information:

Related Articles:

Information Security

Information Security. Solved.

Solve for information security and you solve for the most pressing cyber security challenges. Documents that leak confidential data are harvested for phishing attacks and weaponized to deliver embedded malware payloads. Today’s documents require an enhanced level of inspection, redaction and sanitization before entering or leaving your network.

English

7 Website Leaks that Shocked the World of Tech, Sports, and Entertainment

Months have been spent planning and millions have been invested. It is nearly time for the big announcement introducing the world to a market-disrupting innovation. But suddenly your plan is shattered as your organization’s secret announcement virally spreads across social media, and you realize your headlines have been stolen. 

The cause? A malicious breach by a hacktivist, a disgruntled insider leaving to a competitor, or a rogue partner looking to make a name for themselves? None of the above. It was an accidental leak from your own corporate website. Your own corporate website, really?

 As advanced cybersecurity systems, training, and policies are widespread today, the accidental publishing of confidential or personal information to a corporate website should be extremely rare and innocuous at best. But you should think again. Some of the most noteworthy data leaks in the past few years – Apple, FaceBook, LinkedIn, the U.S. Army, and the recent Red Cross data leaks – resulted from accidental website leaks.

We compiled seven website leaks in technology, sports, and entertainment that have recently shocked the world, prematurely exposed data that impacted a forthcoming announcement in each case.

Technology

Google’s Pixel Phone

Canadian wireless carrier Bell accidentally listed Google’s new Pixel phone on a link to preorder Samsung’s Galaxy Note7 on October 2, 2016. The problem? The Pixel announcement didn’t happen until October 4. It didn’t matter that the title and URL of the page was for the Galaxy Note7, as the image and copy was for the Pixel phone. So much for Google’s “October surprise.”

PlayStation EU Blog Preempts PlayStation Now Release

The PlayStation EU Blog announced on August 23, 2016 that the PlayStation Now will be available on the PC approximately two weeks before the official product launch and announcement on September 7, 2016. So what did gamers found out on September 7 that they already didn’t know on August 23?

Sports

EA Sports Prematurely Reveals New Manchester United Kit

Sports video gaming company EA Sports displayed a photo of United Manchester Star Anthony Martial wearing next season’s jersey on its website, quickly deflating the build-up to the club’s announcement of its new kit (jersey).

The Xbox Store Reveals First Features of “Madden 17”

May 12 was an important date for those who play Madden NFL Football. It was the date when the cover athlete was named and also the day for the release of the first trailer. But on May 12, images from the Madden 17 were posted by The Xbox Store and tweeted out, all but spoiling the surprise and ruining the announcement.

Lionel Messi Leaked as 2015 Ballon d’Or Winner
Lionel Messi was leaked as the winner of the FIFA’s prestigious 2015 Ballon d’Or (men’s category) a week prior to the actual ceremonial announcement on January 11, 2016. FIFA attempted to deny the news with a series of tweets and announcements. We are left to wonder how much suspense and uncertainty hung in the air at the award ceremony when the words, “And the winner of the 2015 Ballon d’Or is …,” were spoken.

Entertainment

Disney Floats Opening Date for “Rivers of Light”

The opening of Disney’s “Rivers of Light” at its Animal Kingdom in Walt Disney World was accidentally disclosed when it added information, which was subsequently removed, about a variety of special dining packages for Rivers of Light beginning May 1, 2017. Now that the light at the end of the river is known, including restaurants, menu options, and prices, the much anticipated release is no longer anticipated.

The Sun Online Shines the Light on X Factor’s Sixth Chair Challenge

The Sixth Chair Challenge is a big lure for the audience of the X Factor. Hopefuls are awarded a seat but have it taken away and given to another contestant. The uncertainty of the final outcome of the show is what keeps the audience engaged. The Sun Online, a modelling agency, posted the results of the challenge seven weeks prior to the final outcome on its website. So much for the “x factor” and keeping the audience in suspense.

How to Prevent Accidental Website Leaks

The shocking reality behind embarrassing website leaks is that most of them can easily be avoided. In a time of extreme pressure and last-minute deadlines, organizations can no longer simply depend upon human processes to review and control what information should be shared with third parties and when it should be posted on their website. A safety-net that monitors for an accidental release of confidential information prior to the announcement date can go a long way in automating the avoidance of a public-relations disaster.

 Information security teams can easily enhance their existing web technology (reverse proxy) to ensure web content is automatically inspected at the most granular levels, and then redacted and sanitized prior to being published on the corporate website. This includes the detection and removal of confidential information parsed and distributed as web copy, images, complete or sub-file documents, as well as information that has been copied and pasted into other marketing and communication form factors.

 Automatically sanitizing all documents being published removes often overlooked revision history, comments, and hidden metadata that can be embarrassing if distributed outside the organization. Imagine if you mistakenly sent an embargoed press release to hundreds of media publications that included internal comments discussing positioning and competitive strategies.

Adaptive security policies are key to identifying and preventing accidental leaks without disrupting time-sensitive communications with burdensome false positives. Redaction and sanitization policies can be configured to remove only the confidential information detected, allowing the rest of the post or communications to continue without quarantines or delays.  

 Adaptive security policies will only be successful in a dynamic organization when the stakeholders who have the most to lose and are the closest to the project are empowered to protect their confidential information. IT security departments may not be familiar enough with the confidential information associated to the announcement (e.g., new design image, logo, or product names) to set the appropriate policies. As a result, enabling adaptive classification and crowd-sourced security policies to be set by key stakeholders helps ensure complete protection.

Key Accidental Website Leak Prevention Tips

  • Enhance existing web proxy to inspect and remove confidential information (if not currently available on existing proxy, vendor independent ICAP add-ons are available)
  • Sanitize all shared documents to automatically remove hidden revision history, comments, and metadata
  • Leverage redaction policies to remove only confidential information, thereby eliminating delays and false positives
  • Empower key stakeholders to classify confidential information related to their announcement by crowdsourcing information security policies

 Additional Information


Request a Website Leak Prevention Briefing

Prevent Accidental Website Leaks

Related Articles

Document Sanitization and Redaction Safety Net for the Forgetful User

What Is Adaptive Data Loss Prevention?

 Clearswift’s Adaptive DLP Wins Top CEO World Award