Skip Links

Can you no longer avoid closely monitoring employees?

Insider threat said to be increasing IT security risk in tough economic times

By , Network World
April 27, 2009 12:05 AM ET

Network World - This is one in a collection of seven pieces on Burning Security Questions. Read the rest here.

The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified. That point came across in a recent Ponemon Institute survey of 945 individuals who were laid off, fired or quit their jobs during the last year, with 59% admitting to stealing company data and 67% using their former company's confidential information to leverage a new job.

How far should information technology managers go to protect corporate data?

"There's a balance," says Max Reissmueller, senior manager of IT operations and infrastructure at Pioneer Electronics, in Long Beach, Calif. "I wouldn't want managers coming to me to keep an eye on a particular employee, wondering what they are doing every minute."

At the same time, Pioneer is determined to protect its intellectual property, customer service lists and other sensitive data.
"I don't want a disgruntled employee trying to take a bunch of information," Reissmueller says. That's a main reason the firm has installed network-access control gear to monitor traffic to the "crown jewels," to keep an eye on whether employees are trying to overstep their authority.

Using a ConSentry switch and network-access control product, Pioneer will watch for patterns that might reveal wrongful behavior and block it. "But I don't want my security staff to become Big Brother," Reismueller says.

All it takes is a data leakage case to compel organizations to beef up their monitoring.

The University of Arizona went through a few data-leak imbroglios where it had to make public notification about exposed personal data, says Eric Case, information security officer there.

That induced the university's information and security office to kick off a program that involved making sure that faculty staff there weren't leaving sensitive data lost and forgotten in computers.

To determine that, the university has deployed data-leak prevention freeware called Spider that can go out and look into a targeted machine to see if it's holding data that shouldn't be there in order to either delete it or move it to a more secure server.
Although the security staff did explain in depth what it was up to, "we had a couple of people freaked out because we were looking at their files," Case says, speaking about the topic at the recent Infosec World conference in Orlando. "They were upset."

But after calming people down, the data-leak prevention process had to proceed because "we know we have data all over the place," Case says. "Have we reduced our threat surface? Quite a lot."

Rick Haverty, director of IS infrastructure at the University of Rochester Medical Center in New York, says laws and regulations his organization must abide by regarding patient healthcare information leave no choice but to confront instances in which it appears employees may have broken rules. One concern is an employee taking a sneak peek at someone's medical records without cause.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News