Top 10 Ways To Prevent Data Leaks
Clean Up On Aisle 5!


Shawn Stewart
Mr. Stewart has 27 years of experience with hundreds of international, commercial, military, and government IT projects. He holds certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell, and others. He has a Masters in Cybersecurity, a Bachelors in IT, a Minor in Professional Writing, and is a published author.
Your company leaks data constantly. How do I know? Recently, my team and I trained with a world-renowned hacker, PenTester, and bug hunter to learn the latest threats. Some targets you could guess. But, he opened our eyes to some sneaky tactics that we are definitely adding to our PenTesting. The question is, how does your corporate network stack up against of the latest threats? Here are the top 10 ways to see if you are leaking data!
GitHub Leaks
#10 – Does your organization post or pull GitHub data? Concerted efforts by nation-states and hacking groups are openly planting malware and ransonware inside the GitHub repository under very similar names to popular downloads. Double check what you download. And, as you should already know, be sure to deep-dive your own uploads to ensure no sensitive information like IP addresses, usernames, passwords, or API keys are hiding inside.
Cover the Leaks
#9 – Web-based systems are the number one target for hackers. This includes web pages, databases, and VPN endpoints. The best way to protect them is by using a Content Delivery Network (CDN) to mask the actual IP address of these systems. CloudFlare, Akamai, and others create a wall between your system’s real IP and the outside world. While security through obscurity isn’t recommended, CDNs block traffic from known threat actors and unwanted Geographically located IP addresses.
Fake the Leaks
#8 – Honey pots are great to see who is scanning your systems and what they are searching for. The honey pot typically sits in your DMZ or outside WAN as an attractive target for bots, scanners, and other nosy Internet visitors. Reviewing the honey pot data can help you better protect against scans and attacks. Don’t know where to start? Try OWASP Project Honey Pot. Read more about it here (Link)
Bait and Switch
#7 – Don’t use the same IP address ranges for hosted systems as you use for outbound Internet traffic. Huh? OK, let me explain. When your user base browses the Internet, even if they’re using a local proxy, the public IP address is broadcast to the world. If the range is the same as your DNS listed servers, an attacker may trick your users into accessing their systems by posing as a legitimate system. Best case, an attacker has information on the attack surface of your public network.
Unheard Leaks
#6 – You’re monitoring all of your devices. Everything dumps to a central Security Information and Event Management (SIEM) system. Now what? Are you actively searching for Indicators of Compromise (IoC)? “No,” you say. “Our endpoint protection is doing that.” Maybe for laptops, mobile phones, and servers. But what is monitoring your network devices? Your printers? Your surveillance cameras? Yes, you should monitor the logs for ANY device that supports it. Any network device can become an entry point.
Factory Leaks
#5 – Have you checked the Mitre Attack database (Link) for all of your devices and software? Oh, OK, sure you have. But have you noticed how many systems still in the box already have vulnerabilities? Always update your new hardware and software immediately before placing it into production. That includes firmware and removing ALL default logins, passwords, and configurations. All that information is public knowledge.
Cloud Leaks
#4 – Everyone seems to have something hosted in AWS, Azure, or Google these days. How many companies access them across the open Internet? WAY TOO MANY! All traffic not directly Internet facing should use a firewall or SD-WAN solution to connect securely to your corporate network. Nearly all firewall providers have a virtual firewall you can install to encrypt and secure all traffic to and from the Cloud.
#3 – Are you using SalesForce? More than 90% of all Fortune 500 companies do. Did you know that many companies using SalesForce Community Sites are leaking data? According to the OWASP Top 10 (Link), misconfiguration, insecure design, and too much permission are now the top reasons for breaches. If you are tasked with securing SalesForce, consider hiring an expert. Read about SalesForce data leaks here (Link).
Dorks!
#2 – Google sees all and knows all! Dorks! No, really, use Google Dorks to search your company’s information publicly available on the Internet. What types of information can you find? Running the follow search (replacing example.com for your domain) will show you URLs with API keys –
site:example.com AND (inurl:api OR inurl:key OR inurl:apikey)
Also, if you’re using Google Analytics or AdSense, do NOT use the same GTM tracking codes on multiple sites. Again, this is public information. A Google Dorks cheat sheet can be found here (Link).
OSINT Waterfalls!
And the #1 way to see what data your company is leaking could actually be an entire blog post. OSINT.sh (Link) is a collection of online tools to search for public DNS, IP address, and certificate information about your domains. Seriously, you can cross reference your current and historical DNS mappings and certificates, verify geolocation of IP ranges, and much more. You should spend time here searching all of your domains. What you find is likely already loaded into some bot. There is a paid site called Shodan.io (Link) that provides more detailed information, if you’re interested.
And those are the Top 10 ways to see if your company is leaking data. However, the single most important protection against data leaks is a full Penetration Test performed by a certified, experienced analyst. Don’t pay for a port scan. You can run a port scan using NMAP both inside and outside. Find someone who will absolutely try to by-pass security and steal your data. And don’t let leadership tell you it’s too expensive. Read how “C” is for Clueless here (Link). If you can’t find and patch your security vulnerabilities, your company may be in the news as a victim of data theft or ransomware.
Need Help?
Reach out to us! We’re all in this together. Visit our contact page to submit an inquiry. Also, please follow us on social media for the latest updates.
Check Out Our Podcast!
The Hillbilly Hacker Podcast is the hottest new show on the Internet to learn about today’s latest technology in simple words. You can find the Hillbilly Hacker on Spotify, Apple, Amazon, or where ever you find your podcasts. (Link)