By Drew Fox Jordan • October 29, 2020

    What Is Data Exfiltration?

    Donor data is valuable currency. Data brokering is a $200 billion industry - and this is only taking into account legal data brokering, not what is being sold on the dark web. For nonprofit organizations, this data can be anything from giving history to their social security number and the consequences of this data being leaked are tremendous and far-reaching. When data is leaked purposefully and without authorization regardless if the intent was malicious or well-meaning, that is called data exfiltration.

    data exfiltration

    Data can be exfiltrated in a number of ways from both insiders and external bad actors. One of the most common methods of data exfiltration is a tool we all use every day - email. Over 124 billion business emails are sent and received every day and employees spend 40% of their time on email, sharing sensitive information and unstructured data. Needless to say, it’s a treasure trove of information, which is why it’s so often used in data exfiltration attempts.

    So how is such a commonly used tool such a threat? One of the biggest risks is a well-intentioned employee sending sensitive donor data to their personal email account. This type of risk is called an “insider threat”. Insider threats are people - whether employees or former employees - with legitimate access to donor data who deliberately exfiltrate data for personal gain or accidentally leak sensitive information.

    Because email is an unencrypted medium, sending sensitive data via email leaves that information susceptible to attack from malicious actors. Once work-related documents are brought outside work servers, it becomes impossible to protect. Most nonprofits have data security software that can only protect data that is on company servers. By moving donor data to a personal computer, that data is breached and puts the entire database at risk.

    In order to have a chance at detecting and preventing insider threats, organizations must look at securing email communications. But, traditional Data Loss Prevention solutions for email fall short and today, artificial intelligence (AI) technology is the only way to prevent data loss and data exfiltration.

    By understanding human behaviors unique to the nonprofit fundraising space, Gravyty Guard uses AI to train models, deploy proactive alerts, and provide detailed, flexible reporting to protect employees from being the source -- maliciously or accidentally -- of the next donor data security breach.

    Is your donor data protected? Take our FREE 15-minute assessment and receive your own Data Security Health Score and find out if your organization is secure.



    Posts by Topic

    see all