The Top 7 Data Exfiltration Risks (And How to Prevent Them)

Protecting sensitive data must be a top priority for any business. Unfortunately, the multitude of techniques available to threat actors makes detection and prevention of attacks a full-time job. To help make that job easier, this article will teach you how to prevent data exfiltration by addressing the most common techniques used in exfiltration attempts.

What is Data Exfiltration?

Data exfiltration, also known as data extrusion, data exportation, or data theft, is the unauthorized transfer of data from one computer, network, or server to another. Data exfiltration most commonly occurs when malware or a malicious actor executes an unauthorized data transfer.

The most desirable data to exfiltrate include passwords, intellectual property, and personally identifiable information (PII). These types of data can be readily sold for financial gain.

How Threat Actors Exfiltrate Data

When trying to understand how hackers exfiltrate data from a network, it’s important to realize that data exfiltration isn’t exclusive to external threats; employees are just as capable of making unauthorized data transfers.

In fact, malicious insider threats are in the optimal position; they do not need to work as hard to gain access to a device with a connection to system resources as an external attacker would.

For optimal protection, be prepared to mitigate both internal and external attacks. Otherwise, insiders can use their trusted access to the network to exfiltrate your customers’ data with far fewer resources and without detection.

1) Unsanctioned Cloud Storage Accounts

Cloud storage makes the transfer of data as simple as dragging and dropping files into a folder. Unfortunately, the very simplicity that makes cloud storage an excellent collaboration tool also makes it a prime tool for data extrusion.

As a part of your cloud data loss prevention strategy, your organization needs web filtering software to restrict access to unsanctioned cloud storage providers.

With new cloud storage vendors regularly emerging, manual URL filtering isn’t enough for organizations to address this exfiltration risk. BrowseControl’s category filtering system is regularly updated with new websites as they emerge, making the blocking of millions of websites as easy as a few clicks. Simply add the File Hosting category to your block list, then add the services you would like to allow in your network to the Allow List.

To help detect other exfiltration threats in the network, organizations must monitor employee internet use; network traffic data could reveal visits to high-risk sites that need to be blocked from the network.

2) Portable Storage Devices (USB, Mobile Phones, etc)

A 2018 study from cyber security software company McAfee found that the overall top three vectors used to exfiltrate data are database leaks, cloud applications, and USB drives. 

According to the study, USB drives are the number one data exfiltration vector in European and Asia-Pacific countries.

When you think of it, this is of little surprise. After all, portable storage devices are, well…portable. And thus easy to conceal and hard to detect.

These devices can store terabytes of data, making them capable of storing millions of database records, spreadsheets, and other proprietary information.

So long as there’s an available port, data can be readily exfiltrated, leading to a serious data breach.

Employees are the most prevalent data exfiltration threats here. They’re trusted with physical access to company systems, making data exfiltration attempts laughably simple. All it takes is sneaking in a personal USB flash drive and transferring files from the network before they walk out of the office. 

So, how do companies prevent this? Simple: They disable USB ports with device control software such as AccessPatrol. 

Naturally, blocking ports entirely also prevents legitimate usage. That’s why AccessPatrol has an Allowed List to grant access to authorized users. To help mitigate the risk that trusted devices will be misused, AccessPatrol allows you to restrict file transfers based on filename and extension. 

To assist with detection on target systems, it also has alerts that can notify security teams each time data is exfiltrated to a portable storage device. These real-time alerts are essential for the protection of data; should data be stolen, there will be an auditable record of who is responsible.

“We never have to worry about what may happen when someone plugs a device into one of our machines. AccessPatrol has made our lives easy. We just set it, forget it, and it works!”

CurrentWare Customer Nicholas Scheetz, IT Service Desk Supervisor, First Choice Health

3) Email & Phishing

In North America the number one vector for data exportation is email.

The fact that email is one of the greatest data exfiltration risks is of little surprise. Without security controls in place, insiders can easily send sensitive information to personal email addresses that aren’t managed by the organization.

Email is a data exfiltration issue even outside of malicious insider threats. A data breach could be as simple as a misaddressed email or inadvertently including customer data in an attachment.

These factors are enough of a risk on their own; what about the innumerable phishing emails?

Don’t assume that employees won’t fall for them. Tessian found that a staggering 1 in 4 employees admitted to clicking on a phishing email at work. Worse yet, a report from PhishMe found that employees who have opened a phishing email in the past are 67% more likely to fall for a future attempt.

Naturally, no number of data exfiltration prevention solutions is going to completely solve what is fundamentally a human problem. But there are things you can do to reduce the risks associated with email.

Protection techniques to handle this threat:

  • Configure network email filtering tools to detect malicious emails and restrict unauthorized attachments in your organization
  • Implement corporate data security policies
  • Provide employees with security awareness training
  • Block access to unsanctioned email platforms
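One way to look for the insider pattern described above (attachments sent from managed mailboxes to personal ones) in a mail-gateway export. This is an added example, not CurrentWare code; the CSV layout, the domain lists, the byte limit, and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: domains the organization manages; everything else is external.
MANAGED_DOMAINS = {"corp.example"}
# Assumption: consumer webmail domains treated as personal mailboxes.
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
# Assumption: per-sender, per-day attachment volume that warrants review.
ATTACHMENT_BYTES_LIMIT = 5 * 1024 * 1024

# Constructed sample of a mail-gateway export (not real data).
SAMPLE_LOG = """\
timestamp,sender,recipient,attachments,attachment_bytes
2024-03-04T09:12:00,alice@corp.example,bob@corp.example,1,2400000
2024-03-04T10:03:00,carol@corp.example,carol.p@gmail.com,2,3500000
2024-03-04T10:05:00,carol@corp.example,carol.p@gmail.com,3,4100000
2024-03-04T11:30:00,dave@corp.example,vendor@partner.example,1,9000000
2024-03-04T13:45:00,erin@corp.example,erin77@outlook.com,1,120000
2024-03-05T08:20:00,carol@corp.example,carol.p@gmail.com,0,0
"""


def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def personal_mail_totals(log_text):
    """Sum attachment bytes per (sender, day) sent from managed to personal mailboxes."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if domain_of(row["sender"]) not in MANAGED_DOMAINS:
            continue  # inbound or relayed mail is out of scope here
        if domain_of(row["recipient"]) not in PERSONAL_MAIL_DOMAINS:
            continue  # internal mail and business partners are not counted
        if int(row["attachments"]) == 0:
            continue  # plain messages carry no files
        day = row["timestamp"][:10]
        totals[(row["sender"].lower(), day)] += int(row["attachment_bytes"])
    return dict(totals)


def flag_senders(log_text, limit=ATTACHMENT_BYTES_LIMIT):
    """Return (sender, day, bytes) tuples whose daily total exceeds the limit."""
    totals = personal_mail_totals(log_text)
    return sorted((s, d, t) for (s, d), t in totals.items() if t > limit)


if __name__ == "__main__":
    for sender, day, total in flag_senders(SAMPLE_LOG):
        print(f"{day} {sender}: {total} attachment bytes to personal mailboxes")
```

Aggregating per sender and day catches data split across several small messages, which a per-message size rule would miss.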

4) Unsecured Servers

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud.”

The Federal Bureau of Investigation (FBI)

Research conducted by the University of Michigan found that over 1 million FTP servers were configured to allow anonymous access, posing a serious data exfiltration risk.

Naturally, organizations that allow anonymous access to their services are at risk of having their systems compromised and data stolen, with the hackers responsible going undetected.

While keeping the data in servers safe from attacks is a complex subject, there are a few steps your organization can take to defeat the most common vulnerabilities.

  • Don’t make a server public-facing unless absolutely necessary
  • Protect servers from a brute force attack with multi-factor authentication
  • Use a firewall to limit the server to authorized traffic
  • Secure the physical area that houses the hardware
  • Separate database servers from everything else
  • Ensure that sensitive data is encrypted 

And while we’re on the subject of FTP…use a port filter to close any unused ports in your company, including default FTP ports. This will greatly reduce your attack surface.
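To find the anonymous-access misconfiguration described above on servers you administer, a short audit can attempt an anonymous login against each host in your own inventory and report which ones accept it. This is an added example, not code from the article; the function names and the `ftp_factory` parameter (used to substitute a test double) are hypothetical, and hostnames are supplied on the command line.

```python
import ftplib
import sys


def _disconnect(ftp):
    """Close the control connection politely, falling back to a hard close."""
    try:
        ftp.quit()
    except ftplib.all_errors:
        ftp.close()


def anonymous_ftp_status(host, port=21, timeout=5, ftp_factory=ftplib.FTP):
    """Classify one server you administer by how it answers an anonymous login."""
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors:
        return "unreachable"  # closed port, DNS failure, or no FTP greeting
    try:
        ftp.login("anonymous", "audit@example.invalid")
    except ftplib.error_perm:
        return "auth-required"  # 5xx reply: anonymous login was refused
    except ftplib.all_errors:
        return "unreachable"  # connection dropped during login
    finally:
        _disconnect(ftp)
    return "anonymous-allowed"


def audit_inventory(hosts, ftp_factory=ftplib.FTP):
    """Return {host: status} for every host in your own asset inventory."""
    return {h: anonymous_ftp_status(h, ftp_factory=ftp_factory) for h in hosts}


def needs_remediation(results):
    """Hosts whose FTP service accepted an anonymous login, sorted for reporting."""
    return sorted(h for h, s in results.items() if s == "anonymous-allowed")


if __name__ == "__main__":
    # Hostnames come from the command line; none are built in.
    results = audit_inventory(sys.argv[1:])
    for host in needs_remediation(results):
        print(f"{host}: anonymous FTP login accepted, disable it or restrict access")
```

A host reported as "unreachable" on port 21 is the outcome the port-filtering advice above aims for when FTP is not needed.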

5) Social Media & Forums

Restricting internet access is crucial for preventing data exfiltration, but unfortunately, there isn’t a definitive guide on what websites to block at work.

For optimal security, you could only allow access to specific websites, but that can quickly become cumbersome to manage.

If allowing access only to specific websites isn’t a feasible data exfiltration prevention measure for your environment, you should block the most common egress points.

Websites most commonly used for data exfiltration

  • File sharing websites
  • Instant messaging
  • Social media
  • Forums
  • Email

Naturally, this list isn’t exhaustive. There’s also the risk that legitimate domains will become compromised and used as a repository for data exfiltration.

6) Malware

Most external threats will use a combination of phishing and malware to gain remote access to their target system. A search of security industry trends shows that businesses of all sizes are at risk of being the target of a cyber attack.

When it comes to preventing malicious software, you need to implement a defense-in-depth approach. A lone antimalware solution isn’t always going to be enough to stop malware, but you’ll be grateful that it’s there if a malicious program manages to slip past your other security measures.

7) Printers

According to a Quocirca Report, 60% of businesses in the UK, US, France, and Germany suffered a print-related data breach from 2018-2019. The data loss related to these breaches costs companies an average of more than $400K.

The data exfiltration risks associated with printers aren’t exclusive to traditional office buildings, either. In the age of remote work it’s easier than ever for an employee to connect a printer to their computer and print off sensitive documents. 

Protection techniques to handle this threat:

  • Encrypt any internal storage drives that the printer has
  • Enforce Secure Printing modes that force users to enter a PIN to retrieve sensitive documents
  • Ensure that all sensitive documents are securely stored and disposed of
  • Monitor printer logs for evidence of sensitive files
  • Train employees to immediately retrieve printed documents
  • Use USB control software to block high-risk users from connecting printers to their computers

How to Prevent Data Exfiltration

In addition to the risk-specific tips I’ve covered above, there are a number of other ways to prevent data exfiltration. This next section will broadly cover best practices for mitigating the risk of data security incidents.

Protect Your Data When Terminating An Employee [Checklist]

Concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other sensitive data? 

Follow this employee offboarding checklist to protect your network following a termination.

Conclusion & More Resources to Protect Sensitive Data

Preventing data exfiltration requires a robust mix of data loss prevention tools, security training, user activity monitoring, and deep knowledge of internal vulnerabilities. By following the tips in this article you can mitigate the most common data exfiltration risks.

Dale Strickland
Dale Strickland is a Marketing Coordinator for CurrentWare, a global provider of endpoint security and employee monitoring software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.