social networks, blogs and forums may also expose the company to the threat of the data leaks. In actuality, social networks, blogs, and forums are extremely dangerous because they have become important channels of data leak and the company may be vulnerable to the threat of information breaches via this channel as many other companies are vulnerable to at the moment. The enhancement of the information security in relation to social networks, forums and blogs is particularly difficult (Menezes, et al., 2004). Hence, the company should pay a particular attention to the development of effective strategy of the enhancement of information security and rise of employees’ responsibility for the data leaks.
In relation to all sorts of the data leaks the company should implement the following steps: insiders’ tricks recognition, user identification, tracking employees’ mood, creating employees’ risk groups and activities tracking, internal investigations. These steps are very efficient and normally, they are applicable to different channels of information. The company just needs to take into consideration some specificities of the channel of the data leaks and use the aforementioned tools to minimize such a risk.
Prevention of data leaks via instant messengers
Instant messengers grow more and more popular today, since employees often believe that their communication and messages sent via instant messengers cannot be intercepted. The lack of awareness of the risk of the data leaks is the major factor that actually leads to the data leaks. If employees are aware of the risks and threats the information flow is exposed to in Skype or ICQ or any other instant messenger, they would be more carefully while using it. In this regard, the company should increase the awareness of employees and managers of the potential threat hidden in instant messengers. The rise of the awareness will decrease the risk of occasional information breaches.
In addition, the employer may have underestimated the risks the company is exposed to because of instant messengers. The low awareness of the employer is much more dangerous than the unawareness of employees because the company can encourage the wide use of instant messengers increasing threats and enhancing the information channel, which is virtually open to the data leaks (Tanenbaum, 2003). Even though, instant messengers are not very easy to use for obtaining sensitive data but still the risk is high, if the company fails to undertake any steps toward the prevention of information breaches via instant messengers.
The company should monitor the communication and messages of their employees. For instance, a sudden and substantial rise of the number of messages from an employee may indicate to his/her possible involvement in information leak activities, especially, if the employee had troubles with the senior staff before. In such a way, managers should pay attention to the mood of employees and their attitude to their managers and the company at large. Employees, who are in a risk group, should be supervised, while their communication should be under a strict control of a control officer of the company.
Numerous contacts of employees with outside users, who are neither employees of the company, nor customers, nor business partners may also expose the company to the threat of information breaches and data leaks. The company should tract all such cases of contacts with third parties and, if possible, prevent them to minimize the risk of information beaches. In fact, the data leaks may occur when employees of the company send sensitive information to third parties, who may rivals of the company, for instance.
The control officer should keep under control the communication of employees via instant messengers. The company should undertake such steps as insiders’ tricks recognition, user identification, tracking employees’ mood, creating employees’ risk groups and activities tracking, internal investigations (Levy, 2001). In fact, the company should track employees, who are inclined to playing tricks with the company’s information system and if they fail to change their behaviour the company should better fire such employees or, at least, include them in the risk group which is under a strict supervision of the control officer.