Small Business Defense – Web Disclosure
- At October 22, 2009
- By Josh More
- In Business Security
The best defense you have against an accidental data leak is to keep a clear data classification policy and invest in technology that prevents data tagged “private” (or “non public”) from being released. However, that’s not practical for many businesses.
As an alternative, you can flip it around and run attacks against your own servers. You can do file-level scans and make sure that the only files made public are the ones that are supposed to be. Note, though, that an attacker could always find your scanning software and use that to explore the system (as I did).
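One way to do the file-level check described above, as an added example that is not code from the original post: it walks a web root and reports every file that matches no entry in a manifest of approved public paths. The manifest entries, the sample file names and the function names are all constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Constructed manifest: the only paths meant to be public (glob patterns).
# Note: fnmatch's "*" also matches "/", so "css/*.css" covers subfolders too.
APPROVED = ["index.html", "about.html", "css/*.css", "img/*.png", "robots.txt"]

def audit_web_root(web_root, approved=APPROVED):
    """Compare files on disk against the approved manifest.

    Returns (unexpected, stale): files matching no pattern, and patterns
    matching no file (a sign the manifest has drifted from the site).
    """
    unexpected, used = [], set()
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), web_root)
            rel = rel.replace(os.sep, "/")
            hits = [p for p in approved if fnmatch.fnmatchcase(rel, p)]
            if hits:
                used.update(hits)
            else:
                unexpected.append(rel)
    stale = [p for p in approved if p not in used]
    return sorted(unexpected), stale

def build_sample_site(root):
    """Constructed sample tree: approved pages plus two stray files."""
    for rel in ["index.html", "about.html", "css/site.css",
                "backup/customers.csv", "index.html.old"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")

def demo():
    """Run the audit over the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_web_root(root)

if __name__ == "__main__":
    unexpected, stale = demo()
    for rel in unexpected:
        print("NOT APPROVED:", rel)
    for pat in stale:
        print("matches nothing:", pat)
```

Keep the script and its manifest outside the web root so they are not themselves served. The check sees only what is on disk, not what the web server's configuration actually exposes.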
Alternatively alternatively, you could run various Google scans against your systems. You could even schedule them to occur on a regular basis. Of course, the scans would only be as good as the person setting them up and it would be quite possible that something could slip through. Of course, regardless, you’re only catching things this way once Google knows about them… and then attackers might be able to get them too.
You could also just not have any public Web presence at all. If there’s no web site, there’s no chance of data leakage… but it would also make it difficult to get new business. The same goes for not having any private data. Unless you’re working strictly with open source, odds are that you’re going to have some secret.
You know, a data classification program is starting to look more appealing.