Corporate Crime: Departing Employees Are Security Horror

Co-Authors: Derick Khoo and Gary Tan

What are the odds for a few bad apples in the organization who are either being laid-off or simply moving to another opportunity secretly take proprietary data from their employer on their way out the door?

I had a cold feet while reading through an article on Wall Street journal. Apparently email is the leading source of data loss/leakage. What’s horrifying is 69% of organizations surveyed (by the Ponemon Institute last year) indicated employees send confidential and sensitive information via non-approved, unsecured email methods. But what surprises me are really two things. 1) The unsympathetic attitudes by these departing bandits like it’s their “entitlement” to information they create on the job and 2) Shouldn’t technology play a stricter vigilant role with leakage and usage of sensitive data? 

Let’s address these two separately. On the first point, psychological reasons of why people steal information at work and feel justified in doing so is coupled with lack of employee loyalty, job burnout with no career development plan turning to scouting for new opportunities or frustrating behavior from immediate managers impelling employees to be vindictive. Now addressing the second part on the role of technology, how am I to believe that confidential emails from my corporate Google mail or Office 365 email are not being forwarded to a secret unknown email box? Aren’t the security or encryption softwares supposed to detect a fraudulence act?

 

How do we catch mistakes before it happens? How do we apply Predictive Analytics to Risk & Fraud detection? So this was the starting point of my knowledge voyage.  I plunked on a cool solution called TrustView Risk Analytics (www.trustsphere.com).

The solution as a good bled of Relationship Analytics software that resides on top of Office 365 or Google mail and analyzes existing digital communications logs and helps discover information flow to competitor organizations and non-work, free mail domains.  It helps Identify suspicious activity by analyzing source & destination, attachment size, and subject headers without looking at any content.

As they say the best protection is prevention, user-friendly reporting tools enable investigators to easily access real-time data and evidence exposing unusual relationships between employees, customers, teams and third parties. So while human error may be inherent in our nature, it doesn’t mean data loss is unavoidable simply because we’re destined to make a few bad calls. Being aware of the privacy and data sovereignty of email solutions you use is a good starting point to Tighten the data leakage taps pre-empt user snafus and stop data leaks before they happen. Office 365 Trust centre clearly enlists commitments from Office 365 about security, privacy, and compliance. (https://products.office.com/en-gb/business/office-365-trust-center-welcome)