{"id":10794,"date":"2010-08-19T13:09:57","date_gmt":"2010-08-19T13:09:57","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=10794"},"modified":"2010-08-19T13:09:57","modified_gmt":"2010-08-19T13:09:57","slug":"prevent-the-stealing-company-data","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=10794","title":{"rendered":"Prevent the Theft of Company Data"},"content":{"rendered":"<p>A\u00a0<a href=\"http:\/\/www.itnewsonline.com\/showprnstory.php?storyid=114832\" target=\"_blank\">news story<\/a> has hit the wires with the results of a survey that was done with USA and UK workers.\u00a0 29% of US and 23% of UK employees would steal data from their employers if leaving the job, presumably to use it in a new job.<\/p>\n<p>I&#8217;ve talked about the methods to prevent all of this before:<\/p>\n<ol>\n<li>Calculate the value of your data and the loss that will be caused if it leaks or gets into the hands of partners, customers or competitors.\u00a0 Use that risk value to budget your plans.<\/li>\n<li>Understand that this isn&#8217;t something a secretary or IT admin does.\u00a0 This is something that the information worker does.\u00a0 It&#8217;s more likely to be done by a senior person than a junior person because they have more access to sensitive data, understand the data more, and have more to gain.<\/li>\n<li>Use proxy controls to prevent access to webmail and upload services.\u00a0 That&#8217;s only a slow down.\u00a0 Wifi services and mobile computing pretty much kill this one.<\/li>\n<li>Prevent access to removable media using Group Policy and\/or third party solutions.\u00a0 This is another slow down, rather than prevention mechanism.<\/li>\n<li>Implement real processes with data owners to authorise access to data and regularly review the granted access permissions.\u00a0 Prevent the usage of nested permissions because that&#8217;s when things do go wrong here.\u00a0 If the business doesn&#8217;t buy into this process (because they are too 
busy) then IT\/security hasn&#8217;t a hope; this is business data, not IT data.<\/li>\n<li>Implement AD Rights Management Services to control who can view your data and what they can do with it, no matter where it goes.<\/li>\n<li>Encrypt your PC\/laptop disks.\u00a0 Yes: PC&#8217;s too cos they can get stolen.\u00a0 Critical servers might be included in this as well.\u00a0 And look at solutions such as BitLocker To Go for removable media (if allowed) to force encryption on users.<\/li>\n<li>Forget Sandra Bullock clicking PI symbols or Kiefer Sutherland running around with a perspex box full of circuitry.\u00a0 Physical security is key.\u00a0 If I can get to your server then I can get to your data.\u00a0 How hard is it to slide some disks out?\u00a0 Not very.\u00a0 Do you have sensitive data sitting on a server, in a broom closet (or under the reception desk) in a branch office?<\/li>\n<li>Audit, audit, audit.\u00a0 Use OpsMgr ACS, etc,\u00a0to gather the logs.\u00a0 I have seen a case where a sales person was suspected of leaking customer data to his new employers.\u00a0 The client (a pharmaceutical multinational) did not have any auditing of any kind on their email or web proxy systems and could prove nothing.<\/li>\n<li>Work with <em>local<\/em> employment law\u00a0experts with a specialisation in IT.\u00a0 One corporate right that applies in Canada or the USA, might not apply in the UK, and might get you sued (and lose) in Germany or Italy.<\/li>\n<li>Communicate that you are auditing everything that happens everywhere.\u00a0 Let people know that you&#8217;ll rip their heads off and squish their livelihood like a bug in a court of law if they are caught.\u00a0 Repeat this message regularly.<\/li>\n<li>Work as a team.\u00a0 There&#8217;s no point in the insecurity officer being all hush-hush when he suspects something.\u00a0 He has to work with IT to prevent a leak or investigate it because IT understand the systems &#8211; they also might be ordered by the 
person who is being investigated to help with the leak!\u00a0 I have seen this happen.<\/li>\n<li>Don&#8217;t be afraid of setting an example, especially if it is a senior person.\u00a0 Coverups don&#8217;t stay secret and don&#8217;t send out the required message of prevention.<\/li>\n<\/ol>\n<p>That&#8217;s 5 minutes of thinking about this.\u00a0 Give me a bit more time and I&#8217;d have an entire data security strategy to keep a lid on things!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A\u00a0news story has hit the wires with the results of a survey that was done with USA and UK workers.\u00a0 29% of US and 23% of UK employees would steal data from their employers if leaving the job, presumably to use it in a new job. I&#8217;ve talked about the methods to prevent all of &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=10794\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Prevent the Theft of Company Data&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[37],"tags":[190],"class_list":["post-10794","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.c
om\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10794"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/10794\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}