We hear of a lot of insider threats these days with disgruntled employees who have been fired but earlier this month, a former COO of an on demand startup left the company due to tensions with the founders and landed a job with their competition to aid in the company’s international growth. The issue here is that before he left, the former executive has been accused of copying a treasure of confidential data to his cloud account to be able to be used to solicit employees from his former company. Even though his account was shut down following his departure, it has been perceived that there is no supportable evidence that the former COO still has those confidential documents.
It can be seen that this kind of insider threat was a planned malicious insider attack involving stealing sensitive company information. The insider saw opportunity to benefit from this and the former company had little they could do in order revoke his privileges from access those files. It has been said in many headlines in in the past, it is all about protecting the data, and that even means being able to revoke access to those sensitive files that contain confidential data. In this case, it was not possible and thus lead to a big legal case between the two parties.
With the FBI and Department of Homeland Security sending out warnings to all organizations in regards to insider threats, no single organization is safe from malicious and even more so accidental insider threats. So even with all the things they tell you to look for, or policies and rules that are assigned, will be of no use if your sensitive files are not encrypted with information rights management or digital rights management.
Even if files are lost or get into the wrong hands, unauthorized access is prevented and sensitive information is not exposed. Since files are automatically secured as they are saved, you can be assured that no one can access files leaked through any unauthorized disclosure to people inside or outside your organizations, especially in cases of insider threats. It is time that no more data breaches such as those caused by insider threats reach the headlines.
Don’t be caught in a situation where you can protect your own files from these kinds of risks. It is up to you to mitigate these situations by have the proper data-centric solution to prevent cases like these.
Photo Credit: Karri Huhtanen