Many of us may be more than familiar with the topic of information security breaches affecting organizations as a result of data theft. However, some of us may not be aware of the term data leakage and how different this term is from data theft. In fact, some of us may be working at companies today that are potential victims of data leakage, may certainly have no policies or procedures to address this data leakage risk and thus may not be able to mitigate this information security threat to their organization. To those companies, we offer a link to information and to a potential solution to the data leakage risk.
Addressing the position that data theft and data leakage are not the same, Tom Olzak, a contributing writer on the CSO Security and Risk website, has recently written an article to help us clarify that difference and focus on the fact that data leakage from approved or accepted business practices can be a significant security vulnerability facing many companies today.
Mr Olzak defines data leakage as, “… the incremental movements of information from areas of high trust to myriad office locations with little or no protection”, and offers a list of questions which an organization can use as a guide to help start internal assessments of that organization’s vulnerability to data leakage risks.
Click here to read more about this important information security topic.
If you find this information helpful please pass it along to your internal information systems security managers as well as your risk management and business continuity planning team members.