Recently there has been a case of an employee working as a database admin who has been caught in a data leak scandal. In this blog post, we will talk about how data loss prevention software can prevent employees from leaking sensitive information from your organization.

According to NZ herald(Link) – Barry Young, who has been working in NZ healthcare for almost six years, had access to all vaccine data because he was working as a database admin. He had access to the personal and medical details of people who received the Covid-19 vaccine in New Zealand. He was later caught leaking the data to an anonymous website. (Franks, 2023)

This highlights the fact that internal data breaches can be more serious than incidents caused by external parties. Organisations should strictly follow the principle of least privilege and implement data loss prevention solutions to prevent data leakage that may be caused by insiders intentionally or unintentionally.

There are many data loss prevention tools in the market, and they have certain features in common. The features listed below should be used as a basic way for companies to protect their data. They allow authorized parties to access the data safely and securely.

1. Sensitive Data Identification and Classification:

• To identify and classify sensitive data within your organization’s systems, such as patient records, financial information, and intellectual property. This allows targeted protection and control over these critical assets. • By identifying sensitive data types, you can effectively monitor and control how it is accessed, transferred, and used.

2. Access Control:

• To enforce the principle of least privilege, ensuring that employees have access only to the data they require for their specific roles. This minimizes the risk of unauthorized individuals accessing and exfiltrating sensitive information. • With granular access control rules, organizations can limit the scope of potential damage caused by malicious or negligent employees.

3. Incident Logging:

• To provide comprehensive logs and notifications when suspicious activity is detected, enabling system admin to review the logs and locate the source of the breach has occurred.

Having a DLP solution will help organizations not only protect data but also make it easier for administrators to control how data can be accessed, viewed and shared. Having a good data loss prevention solution can save businesses from having bad reputation, losing trust among stakeholders and losing revenue.

Reference

Franks, R. (2023) Covid-19 data leak: Health Agency to use international cyber security experts for investigation, NZ Herald. Available at: https://www.nzherald.co.nz/nz/covid-19-data-leak-te-whatu-ora-health-agency-gets-international-cyber-security-help-for-investigation/DHRNP3KCVJDXROS2YIK7PSRE7I/ (Accessed: 15 December 2023).