
Data exfiltration: What you need to know

by Egress
Published on 8th Sep 2021

Every business has a duty of care to keep sensitive information safe and inaccessible to third parties. One topic that’s important to consider is data exfiltration. Exfiltration presents a threat to any business that has data it’s keen to protect — be it customer information or financial records.

Data is a valuable currency, and criminals know this. There’s plenty of data sold on the dark web, but it’s not just hackers you need to worry about. Your employees can also pose a risk when it comes to a security breach. Most often, this is the result of reckless rather than malicious behaviour. However, it does occasionally happen as a result of malicious intent too.

What is data exfiltration?

Data exfiltration broadly refers to the unauthorised copying or transfer of data. That might be done directly from a server or an employee’s computer. The organisations most at risk are those with high-value data (classified data, financial records, customer emails). The risk often comes from outside threats, but trusted insiders can also be responsible for data exfiltration. 

The risks of data exfiltration

The kind of data that could be lost, sold, or leaked thanks to data exfiltration includes:

  • Credentials, including passwords and usernames
  • Confidential company data, like business strategy documents or intellectual property
  • Personal data about your clients, customers, or employees
  • Encryption keys
  • Financial data, including bank account details
  • Proprietary technology

Losing any of this information can have severe consequences for a business.

Stolen IP

While this may sound like the least of your problems following a data breach, stolen intellectual property (IP) can have serious ramifications. If proprietary information, software, or algorithms are stolen and leaked to competitors, your business could lose its competitive edge.

Losing trust with customers

Sensitive customer information such as names, passwords, addresses, and credit card numbers is worth a fortune on the dark web. Criminals can use it to commit identity theft and fraud. If you lose this information, your customers are affected, and you’ll lose their trust. That may mean a loss of earnings, compensation that must be paid, and compliance issues.

Regulatory fines

Under GDPR and other data protection acts, it’s your job to keep customer and employee data safe. Unauthorised access and transfer of this information may put you in breach of these regulations. Breaches can lead to hefty fines. In fact, the average bill for data breaches is around $4.24m for large corporations.

Why people might exfiltrate data 

There are several ways hackers might try to infiltrate your business to exfiltrate data. For the most part, this is to either leak that information, hold it for ransom, or sell it to other criminals. However, there are risks from inside your company, too, both malicious and accidental. 


Data can be exfiltrated by external cybercriminals through phishing or hacking. For example, they might use spear phishing to gain login credentials, then use these details to access further files or systems and exfiltrate data.

The stolen data can be used to blackmail the business in question or be sold on dark web marketplaces.

Malicious insider exfiltration

In some cases, an employee or contractor might deliberately transfer or share data to cause harm to the company. A disgruntled employee might do this while still working for the company, or a former employee, who still has access to business systems, may look for ways to do damage to the business by leaking data.

Insiders may also exfiltrate data for personal gain by selling it to cybercriminals on the dark web.

Non-malicious insider exfiltration

This is where employees knowingly exfiltrate data, but they do so recklessly, rather than maliciously. They might be looking for shortcuts to do their job faster, or avoid security protocols they believe hamper their productivity.

Examples include emailing sensitive data to personal accounts on personal devices, or sharing data with an unauthorised freelancer to complete work for them. Others may exfiltrate files to make life easier in a new role – they’re not deliberately trying to cause harm, but it’s still a breach and deliberately reckless behaviour.

How to stop data exfiltration

There are several ways to protect your business from data exfiltration. As with many cybersecurity threats, prevention is key. Here are some ways to stop data exfiltration:

  • Block unauthorised communications channels
  • Prevent phishing attacks
  • Immediately revoke access for former employees
  • Monitor the activity of those who may suspect imminent termination
  • Proper employee training
  • Set a clear BYOD (bring your own device) policy
  • Identify malicious and unusual network traffic
  • Use contextual machine learning software to minimise user error
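
An added example (not from the original article or from Egress): a sketch of how two of the controls above, revoking leavers' access and spotting data emailed to personal accounts, can be checked against an outbound mail log. The log format, addresses, webmail domain list and size threshold are constructed assumptions.

```python
import csv
import io

# Constructed sample data: outbound mail gateway log (CSV) and HR leaver list.
# Field names, domains and addresses are hypothetical.
MAIL_LOG = """\
timestamp,sender,recipient,attachments,bytes
2021-09-01T09:12:00,alice@corp.example,bob@partner.example,1,48211
2021-09-01T17:55:00,alice@corp.example,alice.smith@gmail.com,3,9120044
2021-09-02T08:01:00,carol@corp.example,friend@outlook.com,0,1203
2021-09-02T23:40:00,dave@corp.example,supplier@vendor.example,2,220114
2021-09-03T10:15:00,erin@corp.example,freelancer99@yahoo.com,4,15400321
"""
LEAVERS = {"dave@corp.example": "2021-08-31"}  # account -> last working day
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed webmail list
SIZE_THRESHOLD = 5_000_000  # bytes; assumed tuning value


def review_outbound(log_text, leavers, personal_domains, size_threshold):
    """Return (timestamp, sender, recipient, reasons) for each risky send."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        sender, rcpt = row["sender"].lower(), row["recipient"].lower()
        reasons = []
        domain = rcpt.rsplit("@", 1)[-1]
        if domain in personal_domains and int(row["attachments"]) > 0:
            reasons.append("attachment to personal webmail")
            # Matching local-part prefix suggests a user mailing their own account.
            if rcpt.split("@")[0].startswith(sender.split("@")[0]):
                reasons.append("likely self-forward")
            if int(row["bytes"]) >= size_threshold:
                reasons.append("large transfer")
        # Any send after the last working day means access was not revoked.
        # ISO dates compare correctly as strings.
        last_day = leavers.get(sender)
        if last_day and row["timestamp"][:10] > last_day:
            reasons.append("sender account should be revoked")
        if reasons:
            findings.append((row["timestamp"], sender, rcpt, reasons))
    return findings


if __name__ == "__main__":
    for finding in review_outbound(MAIL_LOG, LEAVERS, PERSONAL_DOMAINS, SIZE_THRESHOLD):
        print(finding)
```

Mail with no attachment to a personal address (the third row) is deliberately not flagged, which keeps the output focused on file transfers rather than ordinary correspondence.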

Once data has been stolen, there’s usually nothing that can be done. Your business reputation could be damaged, any competitive advantage could be lost, and you’ll be considered responsible for the loss of sensitive information. It’s important to understand where data exfiltration may come from and guard against these threats; prevention is the best cure. The right policies and software in place make this much easier whether you’re dealing with an insider threat or a cybercriminal. 

The right security software can also help prevent both attacks from threat actors and employee errors. If you’d like to see how Egress Prevent uses contextual machine learning to protect against data exfiltration, we’d be more than happy to set you up with a free demo.



What do you mean by exfiltration of data?

Data exfiltration refers to the unauthorised transfer, copy, or sharing of information. That could be employee information, customer data, financial records, or classified files.

How do you stop data exfiltration?

There are several ways to stop data exfiltration, including proper policies — like revoking access to company systems as soon as an employee leaves — and contextual machine learning software that can help prevent human error. 

What is an example of data exfiltration?

One of the more innocent (though no less severe) examples is an employee taking files home on an unauthorised USB drive in order to do work at home. More malicious attacks could include disgruntled employees actively stealing data or a data breach through a social engineering scam.