The insider threat is a real threat â€“ nothing new here, this is something we know since quite a long time. Protecting data against misuse by insider (accidentally or criminal) is a key challenge for security organizations as you have to protect data against abuse by people who need to have access to the same data for their jobs. In my past I saw it several times that sensitive information leaked â€“ sometimes even by the top management â€“ and the same is true I guess for you.
But now, what happens if an employee plans to leave the company? How likely is it that he/she copies information before they actually resign to use the data in their new job? Think about sales data and key contacts. Not that this is new at all but it might guide us to new approaches regarding monitoring. Have you ever tried to guide your Data Loss Prevention/Information Leakage Prevention team into the direction to setup rules to predict a resigning employee?
This article Five signs an employee plans to leave with your company’s data gives some interesting figures:
Sales reps that had shown a spike in abnormal system activity between weeks nine and 12 of a financial quarter generally quit at the end of week 13 â€“ in many cases because they knew they weren’t going to meet their sales quotas.
I am convinced that over time we need to approach the confidentiality problem by company-wide encryption. But until then, tweak your monitoringâ€¦..
- Survey: One-Third of Employees Would Sell Corporate Information for the Righ… (community.spiceworks.com)
- Organizations must stay vigilant against insider threats (powermore.dell.com)
- C-suite take note: there’s more to IT security than keeping you safe (information-age.com)
- Survey: One-Third of Employees Would Sell Corporate Information for the Right Price (tripwire.com)