Data Leakage
Stop sensitive data from leaving your org.
What Is Data Leakage?
Data leakage occurs when sensitive information leaves your organization's control through accidental or negligent means rather than a deliberate cyberattack. The Ponemon Institute estimates that negligent insiders cause 56% of all data breach incidents, and the average cost of a data breach involving human error reached $3.33 million in 2023. Most data leakage is not malicious. It is the result of everyday mistakes that employees make without realizing the risk.

This exercise walks you through the most common data leakage scenarios that occur in real workplaces. You will experience the moment you accidentally send a confidential financial report to the wrong email recipient because of autocomplete suggesting a similar name. You will discover hidden metadata in a Word document, including tracked changes, author names, and file paths, that reveals internal discussions when shared externally. You will see how an unsecured file share with default permissions exposes sensitive documents to everyone in the organization.

The simulation also covers less obvious leakage channels: copying sensitive data to personal cloud storage for convenience, discussing confidential details on a video call with screen sharing active, and uploading files to AI tools or third-party services without checking data processing agreements. You will practice classifying data by sensitivity level, applying the principle of least privilege to file sharing, double-checking email recipients before hitting send, and scrubbing document metadata before external distribution.
What You'll Learn in Data Leakage
- Identify the most common accidental data leakage channels including misdirected emails, unsecured file shares, and exposed document metadata
- Scrub hidden metadata from documents, presentations, and spreadsheets before sharing files outside your organization
- Apply the principle of least privilege when configuring file share permissions and cloud storage access controls
- Classify information by sensitivity level and apply appropriate handling procedures for each classification tier
- Recognize less obvious leakage vectors including screen sharing exposure, AI tool uploads, and personal cloud storage transfers
Data Leakage — Training Steps
- Introduction: Today, you will learn about data leakage risks and how sensitive information can be accidentally exposed through everyday business activities.
- Preparing for Client Meeting: Alice is preparing for an important client call about Nexlify Solutions' new software product. She needs to access the client database using her account credentials. As she prepares, Alice writes down her account password on the whiteboard because it's been updated recently and she's not used to her new password yet. The password is now clearly visible on the whiteboard behind her desk, but Alice is not aware of that.
- Accessing Client Database: Alice needs to access the company's client database to prepare for the presentation. She uses the web browser to open Nexlify Solutions' internal client database portal and signs into her account using the password she wrote on the whiteboard. This database contains sensitive client information that will be referenced during the upcoming meeting.
- Receiving Meeting Invitation: Alice receives a meeting notification for the client presentation with GlobalTech Solutions, a prospective client. She's been preparing all morning and is eager to make a good impression.
- Joining the Video Call: Alice joins the video meeting with GlobalTech Solutions. She positions herself at her desk, not realizing that the whiteboard with her password is clearly visible behind her. The meeting begins and everything seems to go smoothly.
- Successful Meeting Conclusion: The meeting concludes with what appears to be positive results. One of the participants, Bob Stevens, asks unusually specific questions about how client data is stored. Alice finds the questions slightly unusual but confirms they have a secure database. Overall, she believes the meeting went well.
- Bob's Corporate Espionage: What Alice doesn't know is that Bob Stevens was never from GlobalTech Solutions — he's a corporate spy working for CompetitorCorp. During the video call, Bob noticed Alice's password on the whiteboard behind her. He now uses it to access Nexlify Solutions' client database and downloads everything.
- Devastating Contract Loss: The next day, Alice receives a shocking email from GlobalTech Solutions informing her that they have awarded their contract to CompetitorCorp instead. The competitor somehow offered terms and pricing that exactly matched GlobalTech's specific requirements.
- Security Breach Discovery: Later that day, Alice receives an urgent email from Nexlify Solutions' CEO and IT security team. They have discovered during a routine security audit that the company's client database has been compromised.
- Devastating Realization: Alice suddenly turns around and looks at her whiteboard, realizing with horror that she caused the security breach. Her password was visible behind her during the entire video call, allowing Bob to access the client database using her credentials.