Stolen Business Data – A Massive Corporate Risk
4 min read
If you have a company, you have invested massive amounts of capital into making this company successful and thriving. If your company is a bit larger, like ours, the investment can be in the tens or hundreds of millions of dollars. With how much is invested, isn’t it important to protect your data from being stolen?
Stolen data can be used to help competitors or be a basis of legal enquiry when it is allowed to happen. We believe all critical data must be protected from cyber attack, internal or external.
We have helped companies protect their data and ensure their longterm viability over the last 25 years with managed IT strategies to protect their data with a chain of custody and access approach to lock files from users who should not have access.
We will talk about how data is stolen and what you can do to protect your business from data theft and important information or insider secrets being stolen from you.
Source of Threats to Business Data
It is often thought the main source of data loss is from people on the outside trying to get inside your network. Would it surprise you most security experts will tell you there is a much deeper threat in the United States by rogue insiders than outsiders? A security breach, when traced, will more often than not, point at someone you know or who works for the company.
Why would someone want to steal or harm your data if they work for you?
The main reasons fall into greed, revenge or leverage.
Data Breach for Greed
Let’s say a sales rep knows they are going to be leaving for one of your competitors. Wouldn’t it be nice to have a copy of all your contracts, so they know when to approach all your clients. They could even talk about how they used to work for your company. This would fall into the greed category. They could make more sales.
But sales isn’t the only area that matters. What if there was someone planning to sue the company is doing the IT, and they wanted to steal all the email records as part of the evidence of wrongful termination of their co-worker?
There are all kinds of reasons an employee may choose to risk your security.
There could also be customer service reps who steal data to do identity theft or want a social security number list to sell or use. There are many reasons people could want to steal data. The reps could even want more simple information like phone numbers or email addresses. Data breaches are not a one-sized fit all occurrences.
Data Breach for Revenge
If you made some employees upset, then it is possible they would take data to use or sell because they were upset about something. What could be some of the possible targets if it was for revenge?
- Personal data of a key employee
- Plans a company has which may go against someone’s values
- Credit card information
- Social security numbers of other employees or clients
- Customer data like purchase history to be given to a competitor
- Law enforcement data like criminal records
Revenge can be a huge player in data security, so setting appropriate data policies surrounding key information is a critical step in the process. If an employee is fired and their buddy is on staff, there could be a risk to your company’s data or your client’s critical data.
Firewall Important Files
One key thing you can do is set policies, so the most important data cannot be accessed by just anyone. This would make a lot of the insider issues go away with this one simple step. The firewall could block the traffic to ensure data is not easily accessible.
Isolating a Threat Actor Quickly
If you fire someone, this is a risk in the context of insider data theft. So, you should have a policy to lock out users and restrict file access if you fire them, so they are unable to launch an attack before they even think of the idea of stealing data. This could be shutting off their credentials or removing them as a user on your network at all.
Call Law Enforcement
If you are a victim of insider data theft, you should call law enforcement. This could be for something as simple as an employee leaving the company and taking laptops with data or accessing them. Insider threats need to be seriously considered and fought if you want to ensure safety for your business.
When you lose sensitive data, it is important to know what data was lost. Having a file audit where you can see who accessed files and when they took the files is extremely important, especially if you foresee a lawsuit coming.
Most cyberattacks are not from a hacker across the world, but from employees in your own office. If you would like help to set up a system which allows employees file access when they need it and restricts access when they don’t, please let us know. We are here to help businesses with their managed IT, print services and copiers.
If you are looking for a way to protect sensitive information of your business or your clients, give us a call. We can help you develop a data security policy to protect your business from data loss.