The Wikipedia definition of “information leakage” is what happens “whenever a system designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless.” I believe this to be an adequate although somewhat narrow definition. It assumes that the leakage is the result of a benign event, as opposed to an act of theft.
In the end it really doesn’t matter. Whether by accidental loss or by theft, your information is at risk while the systems to protect it are often non-existent.
According to the most recent Computer Security Institute Computer Crime and Security Survey, one of the largest threats leading to information leakage and loss is the theft of mobile devices. Industry analysts estimate that as many as one million laptops are stolen each year. The FBI says these losses totaled more than $6.7 million in 2008. And stolen laptops are but one way information is leaked or stolen from businesses and government entities.
The business risks introduced by lack of information security are severe and include:
- Loss of operational capability,
- Loss of critical information including institutional business information, confidential information, and intellectual property,
- Loss of client/customer confidence,
- Negative public perceptions.
In October, 2009 the Boston Globe reported that the Blue Cross and Blue Shield Association warned 800,000 doctors in its network (90 percent of practicing physicians in the country) that a laptop containing some of their personal information had been stolen.
What’s unusual about this case is that it was reported. In many cases, instances of data leakage go unreported for fear of negative publicity and concern that competitors could exploit the loss.
What can you do to protect your business against information leakage and loss? The first step is to recognize that there is a problem. Unfortunately, too often businesses fail to take into account the threat of information loss and its harmful impact.
Among business leaders who recognize the threat, there is agreement that having an effective data risk mitigation plan in place can be the most effective tool to protect against loss. An information data risk mitigation plan requires the business to:
- Identify critical, confidential, and operational information,
- Quantify the value of the all such information,
- Quantify acceptable losses associated with either the compromise or destruction of this information,
- Quantify acceptable costs to secure and protect the information.
- Secure and protect the information.
Even after you have taken the appropriate steps, it’s important to recognize that your information will leak. No plan is 100 percent secure. One of the top causes of information theft and leakage is the “disgruntled employee.” Most systems are designed to protect against outside intrusion thus the risk of successful data theft by insiders is always very high.
When information leaks, the first action required is to identify what data was compromised. In many industries, such as the health care industry, it’s important to insure that lost data is not made public where it can be most damaging. In such cases, risk mitigation requires ongoing system capability to scan and search the Internet for proprietary and confidential information. This protection needs to be in place before a leak occurs.
Infoflows Corporation’s Fedmark technology brings transparency, control, and management to owners for all forms of data, including health IT such as EMR, EHI, and PHI. Our experienced data privacy risk experts bring clients the ability to strengthen information controls, and significantly reduce risk of breaches and unauthorized activities targeting their data.
Infoflows' approach is customized to meet each client’s needs and is based on an aggregate of more than 100 years of experience across markets.
Our mission is to bring a critical review of the nature of the risks you are facing and an understanding of their source and motive. We provide critically important means of mitigation in order to protect your information. To learn how you can eliminate information leakage and loss risk to your business, contact Infoflows for a comprehensive presentation on our Fedmark technology and service.