Insider Threat to Information

A key executive leaves a financial services firm, purportedly to work in another industry. Any company would be disappointed to lose a senior executive. In this instance, however, his departure was followed by a spate of exits from his team. The CEO then learned from customers that the executive had joined a competitor, and that the competitor was using certain confidential key numbers in its planning reports and presentations to customers. The CEO also found that the executive had taken several hundred confidential electronic files with him to the other company.

The CEO was concerned that, in spite of the hardening of computers and laptops, the executive was still able to remove information from the company. The CEO took his IT people to task, but the information was already lost and the damage done. This scenario plays out quite frequently in our workplaces: employees on their way out start taking information even before the notice period starts. In fact, employees start chalking out information extraction strategies around the time they start looking for other opportunities. Information thefts due to insiders' actions are perhaps the biggest causes of information security breaches. In this particular situation, a forensic investigation later found that the executive took out information by the following means:

1. Emails to his own personal external accounts.
2. IT loaded new software on his laptop in the fortnight before his last date. During installation the IT department had to suspend the endpoint controls on the laptop for a day, but the executive kept the laptop during this time. He exploited this by downloading information to a USB drive.
3. He also exploited a weakness in his smartphone, where he was able to download email attachments onto external cards.

The investigation revealed that the executive had been preparing for his move for quite some time and intensified his efforts during his 3-month notice period. So what can a company do to help identify such a malicious insider and prevent such information theft?

1. It is very important to do a risk assessment from the perspective of vulnerabilities. Risk managers would do well to think out specific scenarios to challenge the IT department’s controls.
2. Look for red flags:
a. Employees using personal rapport with IT to seek out vulnerabilities and loopholes to get around controls
b. Employees who have a grudge against the company or are constantly talking about changing jobs
c. Increased rule-breaking or misbehavior
d. Physical altercations
e. Breaking dress code
f. Suspicious behavior
g. Signs of extreme stress
3. Educate employees, including IT and the IT helpdesk, about the human aspects of information security.
4. Annual renewals of non-disclosure agreements and employee education are key to protecting your company from the malicious insider and creating a culture of security.
5. Institute very specific controls during the notice period so that the employee does not get any opportunity to take information out. These controls should kick in when the employee resigns. In fact, managers should begin controlling access even if they suspect an employee is looking for other opportunities.
6. Run vulnerability assessments, penetration tests and network scans to identify internal and external weaknesses on a quarterly basis. Security configurations should be compared with the baseline every 15 days.
7. Put content-based controls on emails.
8. Monitor for:
a. Increased or unusual patterns in network/workplace access
b. Log reports of attempted unauthorized access
c. Large data transfers during non business hours
d. Frequent emails to outsiders with attachments
e. Excessive file downloads
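
The monitoring indicators in item 8, combined with the stricter notice-period controls from item 5, can be expressed as a small detection routine. The following is an added example, not part of the original article: the event schema, domain, user names and thresholds are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Assumed values for this sketch; tune them to your own environment.
INTERNAL_DOMAIN = "corp.example"
BUSINESS_HOURS = range(8, 19)            # 08:00-18:59, Monday to Friday
LARGE_TRANSFER_BYTES = 100 * 1024**2     # 100 MiB in a single transfer
DAILY_LIMITS = {"mail_attach": 3, "download": 50}
LABELS = {"mail_attach": "external mail with attachments",
          "download": "excessive downloads"}

# Constructed sample events: (time, user, kind, destination, bytes).
EVENTS = [
    ("2024-03-04 10:12", "asha", "mail_attach", "client@partner.example", 2_000_000),
    ("2024-03-04 11:00", "asha", "mail_attach", "boss@corp.example", 500_000),
    ("2024-03-05 14:05", "vikram", "mail_attach", "vikram.home@mail.example", 4_000_000),
    ("2024-03-05 14:20", "vikram", "mail_attach", "vikram.home@mail.example", 6_000_000),
    ("2024-03-05 23:40", "vikram", "transfer", "usb", 700 * 1024**2),
    ("2024-03-06 02:15", "ravi", "transfer", "sftp", 300 * 1024**2),
    ("2024-03-06 11:15", "asha", "transfer", "usb", 300 * 1024**2),
] + [(f"2024-03-06 09:{m:02d}", "ravi", "download", "fileshare", 1_000)
     for m in range(30)]

def flag_users(events, notice_users=frozenset()):
    """Return {user: sorted reasons} for users who cross a threshold."""
    counts = defaultdict(int)            # (user, day, kind) -> events that day
    reasons = defaultdict(set)
    for ts, user, kind, dest, size in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        off_hours = when.weekday() >= 5 or when.hour not in BUSINESS_HOURS
        tight = user in notice_users     # stricter rules once someone resigns
        if kind == "transfer":
            if size >= LARGE_TRANSFER_BYTES and (off_hours or tight):
                reasons[user].add("large off-hours transfer" if off_hours
                                  else "large transfer in notice period")
            continue
        if kind == "mail_attach" and dest.lower().endswith("@" + INTERNAL_DOMAIN):
            continue                     # internal recipients are not counted
        if kind not in DAILY_LIMITS:
            continue
        key = (user, when.date(), kind)
        counts[key] += 1
        limit = DAILY_LIMITS[kind] // 2 if tight else DAILY_LIMITS[kind]
        if counts[key] > limit:
            reasons[user].add(LABELS[kind])
    return dict((u, sorted(r)) for u, r in reasons.items())

if __name__ == "__main__":
    for user, why in flag_users(EVENTS, notice_users={"vikram"}).items():
        print(user, "->", ", ".join(why))
```

Halving the daily limits for users on notice is one simple way to make the controls "kick in" on resignation; the same two external mails that pass unnoticed for a regular employee are flagged for one who has resigned.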
