Before the release of the company's financial report, employees may unintentionally or intentionally disclose confidential data through the following channels： ###1. Electronic communication channels 1. **E-mail and instant messaging tools** -**External email or private account**: Employees may use personal email or unencrypted corporate email to send financial data, or be induced to disclose information by phishing emails. -**Instant messaging tools (such as WeChat, Slack, WhatsApp)**: Discuss sensitive information in internal or external groups, or send files to the wrong contacts by mistake. 2. **Cloud storage and file sharing platform** -Upload financial data to a public cloud disk (such as Google Drive, Dropbox) and set weak permissions, resulting in links being made public or stolen by third parties. 3. **Social media and forums** -Discuss work progress on platforms such as LinkedIn and Weibo, or anonymously disclose key data on industry forums (such as Reddit). ### 2. Leakage of physical media 1. **Print files and paper documents** -Printed financial drafts were placed at random, not destroyed in time, or intercepted when sent by courier/fax. 2. **Mobile storage device** -Data is lost after copying from a U disk or mobile hard disk, or the device is implanted with malicious software, causing data outflow. ###3. Internal system vulnerabilities 1. **Improper rights management** -Too many employees have access to the financial system, or the authority of outgoing employees has not been revoked in time. 2. **Insecure transmission and storage** -Transfer files over an unencrypted internal network, or store data in an unprotected shared server. ###4. Third-party cooperation and external attacks 1. **Suppliers and partners** -Third parties such as audit companies, consulting agencies, etc. leaked the data due to insufficient security measures after receiving it. 2. **Social engineering and cyberattacks** -The attacker pretends to be an executive or a colleague, and induces employees to provide financial data (such as “urgent need reports”) through telephone calls and emails. ###5. Telecommuting and personal equipment 1. **Home network and personal equipment** -Processing data through unsecured home Wi-Fi, or using personal mobile phones or computers to cause files to remain or be stolen. 2. **Operation in public places** -Screens are peeked at while processing financial documents in public places such as cafes, or connecting to public Wi-Fi leads to man-in-the-middle attacks. ###6. Employee behavior and social scenarios 1. **No intention to discuss** -In private conversations with colleagues, relatives and friends, mention key data on the phone, or over-share details in industry meetings. 2. **Actively leak** -Employees are tempted by their interests to sell information to the media and competitors, or to show internal data to new employers when looking for a job. ###7. Risks of technical scenarios 1. **Development and testing environment** -Financial data was accidentally imported into the test database and exposed to the public network, or code repositories (such as GitHub) misrepresented configuration files containing sensitive information. 2. **Backup and archive** - Use an unencrypted backup service or misconfigure backup permissions, resulting in publicly accessible data. ###8. Other potential channels -**Screen shots/photos**: Employees use their mobile phones to take financial data on the screen and spread it through social software. -**Abandoned equipment**: Financial data from old computers and hard drives are resold or discarded if they are not completely erased. ### Summary The risk of leakage from these channels may be superimposed. For example, an employee sends a financial report to a colleague via a private WeChat, and the chat record is stolen by malicious software. Enterprises need to combine technical prevention and control (such as encryption and rights management), employee training (such as anti-phishing drills), and process supervision (such as audit logs) to reduce risks. During the preparation period of financial reports, in particular, it is necessary to limit the scope of data access and monitor abnormal data flows.