When the economy started its downturn, I began thinking about how the economic situation might affect Information Security and if companies would be exposed to any different or additional risk.
My thoughts initially focused externally, particularly on people with computer skills who were out of work, had a lot more time on their hands and who could potentially use their knowledge and skills to write more viruses and malware. I also thought that there might be an increase in social engineering attacks. Social engineering attacks are usually conducted over the telephone to gain information about a company in order to perform some sort of scam or simply to gather information to build a more targeted resume. Specific knowledge of the systems and software that a company uses can be a differentiator in an interview.
But after reading several recently published articles on data theft, it appears that there are also some significant internal risks for companies to keep in mind. A web-based survey conducted by the Ponemon Institute, which interviewed nearly 1000 people who had left their jobs in the past year, found that "59 percent of ex-employees admit to stealing confidential company information, such as customer contact lists. The results also show that if respondents' companies had implemented better data loss prevention policies and technologies, many of those instances of data theft could have been prevented."
Most of this information loss was in the form of employees forwarding e-mails to their personal e-mail accounts or copying files to DVDs and USB drives without their employer’s permission.
Does your company have policies or employment agreements in place that address the inappropriate copying of sensitive information?
Would your company even know if an employee copied sensitive information before they resigned or were laid off?
State privacy breach laws clearly specify the criteria and penalties for data breaches. We all know that the direct and indirect financial impact of a breach can be devastating to a company. These facts, combined with the forecast of continued economic problems, highlight that it is critical for all companies to increase their focus on data loss monitoring and prevention. With increased layoffs, staff turnover and unemployment numbers growing at the same rate as USB storage capacity, this risk is not one to be ignored.