Blog/Infosec 101/

What is data egress and why does it matter?

Elisa Armstrong

Elisa Armstrong


Feb 10, 2021


3 min read

Do you know who's in your home right now? You do because that’s what gives you the confidence to leave in the morning and return in the afternoon. But what if you didn't? What if people you don't know would come and go as they pleased?

That wouldn't be just weird — that would be unsafe. And even though we don't think about data in such terms, we really should. Because not knowing anything about the traffic coming in and out of your network can be detrimental to your data security.

That's why today we're covering data egress and why you should monitor it closely.

What is data egress?

Data egress is the transfer of data from within the network to an external one. In simpler terms, it’s data leaving your network, like when you’re moving files to the cloud. This often happens with your knowledge or permission, which is fine, required even. Because without data egress the internet simply would not function. But there are plenty of instances when outgoing traffic can be a problem.

Here are a few examples:

  • An employee becomes a phishing victim and willingly gives away sensitive company information.
  • Hackers penetrate the network, which grants them access to all company files.
  • You transfer files to a removable drive or another computer. There’s nothing sinister about the transfer itself, but data egress would become a problem if you lost your device.

Data egress vs data ingress: what’s the difference?

Data egress can also be called data exfiltration and describes all the data going out of the host network. Data ingress is the opposite. It is any outside traffic that enters your network, like when you’re downloading an email attachment or streaming a video file.

In data security, both data egress and ingress are important because one depends on the other. To exfiltrate data, hackers must first find a way into the network. But stealing even a small amount of data can then open the network to more attacks.

Data egress and its threats

Data is getting more abundant and valuable. You don’t need to look far to find data buyers because almost any piece of personal and corporate information can be monetized. Unfortunately, losing your data to hackers is just the beginning.

Data egress and its threats

Losing data is bad enough, but the problem is you can no longer log it. You don’t know who gets that information and how they intend to use it. And it’s not like losing your keys, where you can protect yourself by changing the locks. Data is different. Once it’s out there, it becomes almost impossible to control. Here are only a few threats you should consider.

  • Subsequent attacks
  • As we mentioned above, sometimes stealing data can help attack the same organization again for more protected data. This can often be the case in social engineering or privilege escalation attacks.

  • Blackmail
  • Thieves can try to extort you depending on the value of the stolen data, sometimes threatening to release the information to the public. However, even paying the thieves off doesn’t guarantee they haven’t made any copies.

  • Exposure
  • Whether giving the stolen information to competitors or exposing it to the public, having sensitive information out in the open can be a real problem to all kinds of companies.

Security measures for proper data egress management

You should know what data enters or leaves your network the same way you know who comes in and out of your house. There are several ways you can monitor network traffic and make sure sensitive data is never exposed.

Data encryption

While both serve the same purpose, traffic monitoring and data encryption rarely come in the same package. If you can choose only one, go with data encryption — knowing who comes and goes means very little if those visiting can take stuff without asking. The best way to prevent data egress is with NordLocker. Anything you put in NordLocker is encrypted instantly. Even if someone got into your network and downloaded your NordLocker files, they would only see a mesh of characters that don't mean anything without your permission.


Data encryption plays a major role in data egress prevention, but network monitoring should also be on your list. Firewalls analyze both incoming and outgoing traffic and allow you to set rules like individual app permissions.

Access limitation and logging

Sharing files and information efficiently is one of the backbones of a company. But since not just anybody should be able to access any company data, stakeholders must consider what gets locked up and when.

Limiting access can help protect the company's assets a great deal. Another thing is logging. In the case of an incident, you should be able to tell who and when accessed the data in question, who made amendments to the documents, and what data was deleted.

Elisa Armstrong

Elisa Armstrong

Verified author

Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.