Submitted:
10 June 2026
Posted:
11 June 2026
You are already at the latest version
Abstract

Keywords:
1. Introduction
2. Materials and Methods
2.1. Protection of Classified Information
2.2. Communication Security

2.3. Risks of Unauthorised Communication Channels
3. Methodology
4. State of the Art
4.1. Security Standards and Policies
4.2. Technical Controls to Prevent Data Leakage
4.3. Research Gap and Scientific Contribution
5. Results
5.1. Operational Context
5.2. Incident Description

6. Technical-Operational Analysis
6.1. Procedural Failures
6.2. Causal Analysis
6.3. Risk Assessment

7. Corrective and Preventive Measures
8. Discussion
9. Conclusions
Abbreviations
References
- NATO. Security Within the North Atlantic Treaty Organization. 2020. [Google Scholar] [CrossRef] [PubMed]
- NIST SP 800-137; Assessing Information Security Continuous Monitoring (ISCM). 2020.
- NIST SP 800-52; Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. 2019.
- Samarin, N.; Sanchez, A.; Chung, T.; Juleemun, A. D. B.; Gilsenan, C.; Merrill, N.; Reardon, J.; Egelman, S. The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services; Creative Commons, 2024. [Google Scholar]
- National Security Agency. Mobile Device Best Practices. 2023. [Google Scholar] [CrossRef] [PubMed]
- ENISA. Data Protection Engineering: From Theory to Practice; 2022. [Google Scholar]
- ENISA. Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity; 2018. [Google Scholar]
- Signal chat flouted rules on classified intel, say former defense officials. Wash. Post. 2025. [CrossRef]
- ISO27001; Information security, cybersecurity and privacy protection — Information security management systems — Requirements. 2022.
- Security and Privacy Controls for Information Systems and Organizations. NIST SP 800-53; Rev. 5. 2020.
- NIST SP 800-61; Computer Security Incident Handling Guide. 2012.
- Mansour Naser Alrajaa, U. J. B. M. A. Information security policies compliance in a global setting: An employee’s perspective; ELSEVIER, 2023. [Google Scholar]
- ENISA, E-mail security. 2010.
- NIST SP 800-46; Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. 2016.
- Homoliak; Toffalini, F.; Elovici, Y.; Ochoa, M. Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures. ACM Computing Surveys, 2018. [Google Scholar]
- Silic, D. S. a. G. O. Mario. Influence of Shadow IT on Innovation in Organizations; CSIMQ, 2016. [Google Scholar]
- Saxena, N.; Hayes, E.; Bertino, E.; Ojo, P.; Choo, K.-K. R.; Burnap, P. Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses; Electronics, 2020. [Google Scholar]
- Silic, M. a. B. A. Shadow IT–A view from behind the curtain. In Computers & Security; PRE-PRINT, 2014. [Google Scholar]
- Singh, P.; Sharma, A. A systematic literature review on insider threats. 2022. [Google Scholar] [CrossRef] [PubMed]
- Goldberg, J. The Trump Administration Accidentally Texted Me Its War Plans; The Atlantic, 2025. [Google Scholar]
- NIST SP 800-63B-4; Digital Identity Guidelines Authentication and Authenticator Management. 2020.
- ENISA. Cloud Security Guide for SMEs. 2015. [Google Scholar] [CrossRef] [PubMed]
![]() |
![]() |
| 1 | Signal is a free, open-source and encrypted messaging application focused on privacy and secure communications. |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2026 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

