Microsolve Business IT Insights

Stopping Data Exfiltration in Your Business

Written by Dale Jenkins | 13 May 2025 4:15:00 AM

Data exfiltration—the unauthorised transfer of sensitive information out of your organisation—remains one of the most pressing security challenges for Australian businesses.

In simple terms, if you have data stored on a computer - desktop, laptop or onsite server - your data is at risk.  Protecting what in many respects is your greatest business asset is an imperative for most Organisations - the risk of getting it wrong is more than a few lost files as has been evidenced in numerous high profile "hacks" over the last couple of years (Medibank, Optus, Latitude Financial, FIIG Securities, etc).

Understanding Data Exfiltration Risks

Debunking the Onsite Desktop Myth

While desktops are less likely to be physically stolen than laptops, both device types are vulnerable to data exfiltration. Threats such as malware, phishing, insider actions, and the use of USB drives can compromise any endpoint, regardless of portability. Physical access to a desktop in your office can be just as dangerous as a lost laptop in a café.

Risk Factor Desktop Laptop
Physical theft Lower Higher
USB data exfiltration High High
Malware/phishing High High
Insider threats High High

 

The Real-World Threats

Apart from "stealing" a physical device, below are top 5 most common ways that data is removed from an Organisation:

  1. USB and portable storage: Both desktops and laptops can have data copied to external drives in seconds.
  2. Forwarding Email: Attach files to an email and send it to your personal account, or open your personal account in a browser and attach them.
  3. Online Storage Services: Upload from an authorised device to a personal Dropbox, Google Drive or Box account.
  4. Phishing and malware: Attackers use emails and malicious software to access any device.
  5. Insider threats: Employees or contractors with access can exfiltrate data, regardless of device type.

 

Why Traditional Security Isn’t Enough

Physical security and traditional antivirus solutions no longer offer sufficient protection. Modern attacks target endpoints through multiple channels, and the risk of data exfiltration exists wherever sensitive data is stored or accessed.

The Modern Solution: Microsoft 365 Business Premium

To effectively stop data exfiltration, businesses need a layered, cloud-based security approach. Microsoft 365 Business Premium offers advanced features to protect your data across all devices—no matter where or how it’s accessed.

Key Security Features

  • Microsoft Defender for Business: Provides real-time endpoint protection and automated threat response.
  • Multi-Factor Authentication (MFA): Blocks 99% of identity attacks by requiring additional verification.
  • Data Loss Prevention (DLP): Monitors and restricts the movement of sensitive data, preventing unauthorised sharing or transfer.
  • Conditional Access Policies: Rules that govern how data and applications can be accessed.

The Power of Conditional Access Policies

Of the above, the most effective (in my opinion!) tool for stopping data exfiltration is Conditional Access—a feature of Microsoft 365 Business Premium. Conditional access policies let you control data and application access based on combinations of any number of the below:

  • Device Location: Restrict access to sensitive data from trusted locations only (e.g., your office or approved regions). Block or challenge access from untrusted or high-risk locations.
  • Device Classification: Allow full access from corporate devices, Read-only from BYOD devices onsite and no access from unknown locations or devices.
  • Time of Day: Limit access to business-critical data during working hours, reducing after-hours exfiltration risks.
  • Device Compliance: Ensure only secure, malware protected, compliant devices can access sensitive resources.
  • User Risk Level: Apply stricter controls if a user’s behaviour is suspicious, such as multiple failed login attempts or sign-ins from unusual locations.

Real-World Impact:
Conditional access can automatically block downloads, copying, or printing of sensitive documents on unmanaged devices, require files to be encrypted before access, and prompt for re-authentication when risk factors are detected.

Things to Consider:

Smaller Organisations

  1. Enable MFA and basic conditional access to restrict access by location and device compliance.
  2. Set business hours access policies to limit after-hours data exposure.
  3. Educate staff on phishing and USB risks.

Medium/Multi-site Organisations

  1. Deploy advanced conditional access policies for location, device, and time-based restrictions.
  2. Monitor and review access logs for suspicious activity.
  3. Regularly update device compliance requirements.

Large Enterprises or those with Regulatory Requirements

  1. Integrate conditional access with SIEM tools for real-time monitoring and automated response.
  2. Automate policy enforcement across offices and remote teams.
  3. Conduct regular policy reviews and simulated breach exercises.

In Conclusion...

Stopping data exfiltration requires more than just locking down your devices or relying on outdated myths. Whether you use desktops, laptops, or both, your business needs a modern, layered security approach.

Microsoft 365 Business Premium—with its advanced conditional access policies—offers the tools you need to control who, where, and when your data is accessed.

Take action now to protect your organisation’s most valuable asset: its data.

 
View full post