Email accounts have evolved into an easy way to store messages, document conversations, and track file attachments. These common work practices can leave a relatively unprotected system vulnerable to breach by bad actors looking for valuable information to steal.
As email is the most common way of communicating online, the same features that make email convenient also make it the number one target for cybercriminals. Email is in such common use that email accounts can be easily accessed from numerous points of entry, for example, using an email login to access a third-party application. The protection protocols to safeguard information are usually not in full force and the assurance of email security is often taken for granted.
What is Information Leakage?
Information leakage is the release or capture of sensitive information by unauthorized parties. Sometimes leaks are inadvertent – such as when a message with a confidential attachment is mistakenly sent to the wrong email address or when an automatic Reply All is sent out when only one person should have received the sensitive content in the response.
Information leakage can occur when outside parties successfully infiltrate a system or network and begin to syphon off information. The impacts of such interference can range from mild to catastrophic.
But information leakage can also occur due to insider threat – a rogue system administrator inside the organization with a "god account," authorized access to all data files, server controls, and other high level administrative permissions, can cause excessive damage to a system while masking the infiltration and hiding the damage being done from detection.
Impacts of Information Leakage
Brand/Reputational Damage. Organizations that handle proprietary, confidential, and otherwise sensitive information – law offices, healthcare agencies, tax advisors, etc. – can suffer grave brand and reputational damage when the public is made aware that the company’s records have been breached and their clientele’s private information has been lost, stolen, publicized, and/or held for exorbitant payment in a ransomware scheme.
Financial Damage. Information leakage can provide the clues a cybercriminal needs to aggregate data and build an access portal to withdraw funds or implement a ransomware attack. By the time the organization realizes the breach, the funds lost may be unrecoverable, damaging not only the company itself, but likely negatively impacting its clients.
Competitive Advantage Loss. An organization can lose its competitive edge when patentable technical secrets, new innovations, drawings and schematics, research and analysis data, and other highly proprietary information is leaked and falls into the wrong hands. Supply chain protocols are an important factor here – a leak anywhere along the supply chain can result in competitors getting hold of valuable schematics such as assembly diagrams, machined parts, or other supplies and data that would give competitors insight to the workings of proprietary technology under development or in production.
Standard Solutions for Information Leakage
Most email systems are secured with Transport Layer Security (TSL) which governs encryption of communications across the server network. Once information is forwarded beyond the encrypted servers, however, control is lost over where that information travels, gets stored, or gets intercepted. Even if rules about sending confidential information via email are in place, they are not always obeyed or strictly enforced, and again, once the information has been sent, the sender has no control over the security protocols at the reception point nor control over what the recipient chooses to do next with the information. Finally, basic encryption may be in place, but most email systems standardly apply one encryption key to each entire email account. Once that one encryption key is broken, all information contained within the breached account becomes vulnerable.
The Gold Comet Solution to Information Leakage – and New Patent Award!
Gold Comet’s Secure Messaging, File Storage, and File Sharing mitigates the danger of information leakage through its patented, Zero Trust based, multi-layer authentication system. All communications and file exchanges take place within the protective environment of the Gold Comet Secure Cloud.
We’re excited to announce that a new patent – Gold Comet’s 6th Patent Award! – has just been awarded which includes a solution to the issue of information leakage. Providing a System and Method for Secure Access Control, Gold Comet solutions require multi-level integrity (permission of two or more administrators) when managing and making changes to a messaging account – thus mitigating the opportunistic activity of an insider threat such as a rogue system administrator acting alone.
The Gold Comet development team continues to innovate, seeking new and better ways to protect the privacy of your confidential information. If you have concerns about information leakage or supply chain vulnerability in your organization, contact Gold Comet today and learn how our secure solutions can provide the protection you so critically need.
Comments