Whether you support of condone WikiLeaks and its publication of the leaked cables grabbed from the Secret Internet Protocol Router Network (SIPRNet) system, it's clear from the emails that I've been receiving that the incident has sparked concern amongst people who fear that data could be easily liberated from their business.
So can anything be done to prevent data leaks? Of course there can, but it'll cost you!
A modern PC is a mass of potential security holes that data can seep through. The PC in front of me right now has multiple USB and FireWire ports (some located conveniently on the front for easy access), it has media card slots (also on the front, all the better for someone to steal my data with), a fast CD/DVD/Blu-ray writer, it has network ports, a WiFi adaptor, and even Bluetooth. Oh, and it has a connection to the internet ...
Note: Media card slots are a real problem given that you can take a 64GB microSD card and conceal it inside a hollowed-out coin that's hard to distinguish from a regular coin. A lot of data can leak out of that little slot!
There's no way to plug all those potential leak, right? Wrong!
Software does exist that allows you (your admins, your organization, scale it up as you wish) to have control over these various leakage routes, and to prevent certain kinds of data from being "leaked' through various routes. An examples of such software (an example that I am familiar with) is Sophos Endpoint Security and Data Protection.
How does this tools help? Well, Sophos Endpoint Security and Data Protection offers a whole raft of features to allow an organization to lock down potential leakage routes:
- Detects and blocks unauthorized use of removable storage devices, optical media drives and wireless networking protocols (WiFi, Bluetooth and Infrared).
- Allows administrators to set a block or allow policy for different groups of computers.
- Data Loss Prevention deployment complete with scanning uniquely built into the endpoint agent to monitor the transfer of sensitive data.
- Reports instantly on device activity in the management console
- Simplifies administration with a single console for anti-virus, firewall, application control, device control and network access control.
- Data encryption for fixed and removable drives.
I will warn you that this kind of security doesn't come cheap (ten seat license for a year comes in at around $700), but when your data is important to your company, of leakage of that data can cause damage or embarrassment, you'll agree that this is a small price to pay.