Skip to content
A file folder that has been unsecured.
1 minute read

How to Plug Your Leaks (Before They Happen)

Do you know who in your organization has access to what resources? Does it really matter? 

Chrissy Snow from Three's Company looking around in confusion with her finger on her chin.

If you have to think about it, you’re in the wrong profession. | Source: Three's Company

Three months ago, a member of the Air National Guard was arrested for allegedly posting extremely confidential documents about a number of countries—including China, Egypt, Iran, South Korea, Israel, and Canada—to the platform Discord. If that wasn't enough, he also leaked highly detailed information and analyses related to Russia’s invasion of Ukraine.

As you can imagine, the leaked documents could cause serious harm. They led to a diplomatic crisis between the U.S. and a number of other countries. His actions caused damage and international tension that could take years to undo.

While it’s likely that an info leak at your org won’t have the same effect, it could lead to serious harm depending on the type of organization you work for and the nature of the leak. For example: 

  • Leaking your secret ingredients could cause product sales to plummet. 📉
  • Leaking your customer list can cause competitors to reach out to them. ☎️
  • Leaking patient names can bring about large penalties from the feds. 💰

And so on... 

How do you prevent info leaks from happening at your organization? 

  1. Give new people only what they need access to. Every new employee does not need the same access (even on the same team). Look at the requirements of their job and provide access to resources accordingly. 
  2. Monitor:
    • Who has access to the most critical resources and if that's appropriate.
    • A person’s access any time they're promoted or have a change in role.
    • If temporarily granted access is still needed or should be revoked.
  3. Have at least one administrator for each account so that you have checks and balances in place.  
  4. Make sure access is locked down when an employee leaves the org
  5. Make sure your employees understand that password sharing is prohibited.

Even with all of those safeguards in place, it’s still possible that people with access to confidential information can leak info, whether by mistake or on purpose. ➡️ And that’s where your culture of compliance comes in: your employees have to know it’s okay to speak up if they see anything wrong (like another employee sharing confidential info!) and they need to know that there are consequences for acting unethically. 

P.S. Looking for resources on keeping confidential stuff confidential? Yeah, we’ve got that

Don't miss out!

Get compliance tips and resources delivered straight to your inbox.