Every company holds a huge amount of information that, in the wrong hands, can cause great economic and reputational damage. Such information should remain confidential and known only to a limited circle of persons. This means that it must be protected from leaks and theft.
What information will attackers look for?
Confidential information is data to which access is limited either by law or by the rules of the organization. It includes trade secrets, information about company innovations, the customer base, employee data, and other information that the company considers important. This information is often hunted by hackers and insiders.
The attacker's goal determines the data he will need. For example, a hacker will search for data to sell, or will simply encrypt the corporate network using ransomware. Insiders recruited by competitors will search for business plans, customer databases, innovations, etc. Employees who want to take revenge on the company will look for documents that somehow compromise it.
How does the leak of confidential information threaten the company?
Leaks of confidential information can have the worst consequences for a company, including bankruptcy. Even leaks of employees' personal data can damage its reputation, as employees whose data has been compromised can sue the company. Large sums are spent on the investigation of the incident. In addition, the company:
How to protect confidential information?
There are three levels of protection for confidential information:
Legal - includes state standards of information protection, regulations. It is useful to know not only those regulations that protect the company, but also those that govern the company's responsibility to employees and customers.
Organizational - includes the organization of work and the definition of access levels. Not all employees need access to, for example, accounting or program code. This needs to be monitored, and employees should be given access only to the information they need to fulfill their job responsibilities.
The technical layer includes physical, hardware, cryptographic and software protection.
More about the technical level of protection of confidential information
At the level of physical protection, buildings, internal premises and territory are protected, and equipment and documents are protected from unauthorized access. In addition, the physical layer includes protection against surveillance and eavesdropping. Such protection is provided with the help of mechanical barriers, sensors, video cameras, personal identification tools, etc.
Hardware protection is provided, for example, by electromagnetic radiation indicators or systems for detecting radio bugs and other devices. Hardware protection can also be used at different levels of the network: in RAM, input and output controllers, central processing units, etc.
They help to identify possible channels of information leakage, to see where the company's security "weaknesses" are, to find means of industrial espionage, etc.
Cryptographic protection is based on encrypting physical and virtual storage media so that only the owner of the decryption key can read the content. Encryption is a reliable tool, although it does not provide one hundred percent protection, as it can be hacked.
The software level of protection is most often represented by a DLP system. The main task of a DLP system is to prevent data leakage. Using SecureTower as an example, let's see how it does it.
At the beginning of work, the security officer shows the system which data is confidential and defines the actions that must not be performed with these documents. For example, they cannot be printed or sent to individuals outside the corporate network. In the event of a violation, SecureTower will notify the manager or security officer.
The DLP system controls all communication channels: websites, cloud storage, email, IP telephony, social networks, network storage, clipboard, instant messengers, FTP, USB devices, network and local printers.
SecureTower analyzes all of an employee's actions for violations of security rules. It shows what the employee was doing during the day: what sites he visited, what programs he used, when he was away, etc.
With the help of the system, you can see who interacts with whom and what employees are talking about. If an employee contacts a person who is not authorized in the network, the system creates a profile for him. Thus, you can track the interaction of an employee with this person: what they corresponded about, whether they sent each other any documents, what kind of documents they were, etc.
The system can analyze files and documents by content:
When analyzing text files, SecureTower takes into account the morphological features of the language. It can analyze text that contains grammatical errors or is written in transliteration.
The system can recognize text on images, as well as stamps and seals.
SecureTower can recognize speech and analyze voice messages and calls.
SecureTower can recognize bank cards, passport photos and internal documents.
You can also block the transmission of documents of a specific format, a specific file, a document with specific content, documents with stamps, etc.
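The rule described above (marked content may not be printed or sent outside the corporate network), combined with bank card recognition, as an added example that is not SecureTower's code. The domain `corp.example`, the `Event` fields and the action names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

CORPORATE_DOMAIN = "corp.example"  # assumption: placeholder corporate domain
# 13-19 digits, optionally separated by single spaces or hyphens
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out random digit runs such as invoice numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                        # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return masked card numbers found in text (first 6 and last 4 digits kept)."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

@dataclass
class Event:                                  # hypothetical intercepted action
    channel: str                              # "email", "messenger", "printer", ...
    recipient: str                            # address, or printer name
    body: str

def evaluate(event: Event) -> tuple:
    """Apply the rule: card data may not be printed or leave the corporate domain."""
    cards = find_card_numbers(event.body)
    external = not event.recipient.lower().endswith("@" + CORPORATE_DOMAIN)
    if not cards:
        return "allow", cards
    if event.channel == "printer" or external:
        return "block_and_notify", cards
    return "notify", cards                    # internal transfer: alert only

# Constructed sample events (4111 1111 1111 1111 is a well-known test number)
SAMPLES = [
    Event("email", "partner@other.example", "Pay with 4111 1111 1111 1111"),
    Event("messenger", "anna@corp.example", "card 4111-1111-1111-1111"),
    Event("email", "partner@other.example", "Invoice 1234567890123456"),
]
if __name__ == "__main__":
    for e in SAMPLES:
        print(e.channel, e.recipient, evaluate(e))
```

The masked form is what goes into the alert, so the notification itself does not become a second copy of the card number.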
If security rules have been triggered and the risk level is high, all the above functionality will help in the investigation of the incident, as will the following features of SecureTower:
Inside the system, the security officer creates a case in which he can record the progress of the investigation, save all files, correspondence and records related to it, and, after the investigation, prepare a report for managers. The collected data can be used in court as an evidence base.
SecureTower stores all information in an archive. If it is removed from the device, recovery will be possible using the system. This is especially useful if the attack was carried out by a hacker and the network was encrypted with ransomware, or if an employee tried to get rid of “evidence”.
Protection of confidential information will never be one hundred percent. However, if you take care of the proper organization of each level, you can minimize the risk of leaks or prevent them in time.