How to Prevent Departing Employees from Departing with Your Organization’s Data

1. Limit Employee Access to Data

Only give employees access to data needed to get their jobs done. For instance, engineers don’t need access to CRM systems.

2. Encrypt Critical Corporate Data

Ensure that critical corporate data, whether data is in-transit, at-rest and in-use, must be encrypted. Encryption ensures that even when there’s data breach, the data will remain useless.

3. Establish Regular IT Audits

While automated, preventative controls are the best defense, no technology is perfect. Establishing regular IT audits performed by an independent third-party will help you detect any outliers and detect data leaks and internal fraud early on. Such audits generally include

4. Require Appropriate Authentication for Critical Content

Accessing critical content must require not just a username and password but also multi-factor authentication. When critical content is being accessed, it also helps that approval must be secured first or an alert must be given to a compliance officer.

5. Regularly Monitor Network Activities

Unusual volume of downloaded data and non-office hours data access are examples of network activities that should be monitored. Said network activities are red flags for unauthorized activities and should be checked.

6. Keep Critical Data Offline

Don't store information vital to your organization, especially trade secrets, on any device that connects to the internet.

7. In-Person Data Security and Privacy Training

One of the means, though not a cure-all approach, of preventing departing employees from stealing corporate data is by providing an in-person data security training the moment the employee is hired.

One training session isn't enough. It's best to regularly remind employees about safeguarding company’s data by implementing a regular, formal cybersecurity awareness training. In addition to the in-person data security and privacy training, a confidentially or non-disclosure provision has to be included in the employment contracts.

8. Don’t Give Employees Administrator Privileges

Don’t give employees administrator rights for the company-supplied computers or devices. Giving them administrator privileges allows them to install malicious software (malware) that could lead to unauthorized access to information vital to your organization.

How to Prevent Accidental Database Leaks

Florida-based marketing and data aggregation firm Exactis is the latest organization that accidentally leaked critical database online.

Security researcher Vinny Troia disclosed to Wiredthat early this month, Exactis exposed nearly 340 million records, 230 million of which pertain to U.S. consumers, while 110 million on business contacts.

"It seems like this is a database with pretty much every US citizen in it," Troia told Wired. "I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”

The close to 2 terabytes of data exposed by Exactis didn’t contain credit card information or Social Security numbers. It, however, revealed highly personal information, including phone numbers, home addresses, email addresses, religion, age, gender of the person's children, and interests like plus-size apparel and scuba diving.

Wired confirmed the authenticity of the data exposed by Exactis, commenting that in some cases the information is inaccurate or outdated.

Prior to his disclosure to Wired, Troia said he contacted both Exactis and the FBI about his discovery. He said Exactis has since protected the data so that it's no longer accessible to the public.

The number of data unintentionally exposed by Exactis exceeds that of the 2017's Equifax breach of nearly 148 million consumer’s data. The difference though is that in the case of Exactis, victims aren’t even aware that they’re part of the company’s database.

Past Incidents of Accidental Database Leaks

While the Exactis data may have been the largest accidental database leak, in the past few years, reports about accidental database leaks have come up again and again.

Another security researcher Chris Vickery discovered a number of accidental database leaks. In December 2015, Vickery discovered that the database that housed 3.3 million Hello Kittyaccounts was exposed as a result of a misconfigured MongoDB (a free and open-source cross-platform document-oriented database program) installation.

In April 2016, Vickery discovered that voter registration details of 93.4 million Mexican citizenswere exposed via publicly accessible database hosted on an Amazon cloud server.

In January 2017, Vickery also discovered that an Ontario-based plastic surgery clinicleaked thousands of customer’s medical records online via unprotected remote synchronization (rsync), a service which allows synchronization of files between two computers or servers over the internet.

In October 2017, Redlockresearchers reported that attackers infiltrated the Kubernotes (open-source platform designed by Google to automate deploying, scaling and operating application containers) console of Aviva, a British multinational insurance company, after the company failed to secure it with a password. One of Aviva’s Kubernetes pod contained credentials to the company’s Amazon Web Service Inc. account. According to Redlock, this enabled the attackers to steal the cloud compute resources of Aviva for cryptocurrency mining, in particular, mining the cryptocurrency Bitcoin.

In February 2018, Redlockresearchers reported that attackers similarly infiltrated the Kubernotes console of Tesla after the company failed to secure it with a password. One of Tesla’s Kubernetes pod contained credentials to Telsa’s Amazon Web Service Inc. account. Redlock said this enabled the attackers to steal the cloud compute resources of Tesla to mine the cryptocurrency Monero quietly in the background. 

Accidental Leaks Discovery

According to Troia, he discovered the exposed Exactis’ database by simply using Shodan, an alternative search engine used by researchers and security professionals. Troia said he used Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses.

This search query resulted in about 7,000 results, Exactis database being one of them, unprotected by any firewall. ElasticSearch is a document-oriented database that's designed to be easily searched over the internet.

For his part, Vickery told ZDNet that he finds accidental database leaks via Shodan as well. There’s, however, no stopping for malicious hackers to use tools like Shodan to discover accidental database leaks. It’s a challenge then for ethical hackers like Troia and Vickery to discover and report to the concerned organizations regarding accidental database leaks before malicious hackers do. 

"I’m not the first person to think of scraping ElasticSearch servers," Troia said in the case of Exactis’ accidental data leak. "I’d be surprised if someone else didn't already have this."

Data Leak Prevention

Here are some of the security best practices in preventing accidental database leaks:

1. Monitor Firewall Traffic

A firewall is your first line of defense in preventing accidental database leaks.

A firewall, which can be a hardware, software or both, monitors incoming and outgoing network traffic. It decides based on a defined set of security rules whether to allow or block specific traffic. For instance, a firewall can be configured to block data from certain locations or applications while allowing relevant data in.

RedLock reported that while firewall is one of the industry’s best practices, “85% of resources were found to have no firewall restrictions on any outbound traffic”.

While firewall is a good first line of defense, it can’t be the cure-all remedy in preventing accidental database leaks.

2. Monitor Configurations

Proper configuration is critical in preventing accidental database leaks. Configuration refers to the “Settings” menu in any software. A simple configuration monitoring could have prevented the Tesla breach. 

3. Monitor Suspicious User Behavior

As shown by the above-mentioned examples, it’s not uncommon to find accidental database leaks in public cloud environments. Your organization needs to detect accidental database leaks as soon as possible before the bad guys do.

Monitoring has to go beyond geo-location or time-based anomalies but also monitoring event-based anomalies such as unusual volume of traffic or unusual volume of downloaded data.

When you team needs help, our team of experts is a phone call away. Contact ustoday and stay safe!