Companies are building vast databases of information which need to be protected against hackers, viruses, natural disasters and other threats.
In this post I talk about the biggest threat of them all: your trusted employees.
Your employees have many reasons to steal your data. They might be planning to move to a competitor or begin their own venture in your market, or they could be bribed by a third party who has interest in your company’s secrets.
Knowing the methods and tricks they use to steal data can help you stop a major information leak before it happens. Below I describe the five most common leak vectors that any company should protect against.
Leak Vector 1 – The Internet
The Internet is the biggest hole in your defenses against information leaks. Employees who have access to the Internet can transmit data files to computers outside of your private network. There are a lot of applications that facilitate the transfer of data files over the Internet. These applications should be blocked, restricted or monitored.
Email: Users can send files as attachments to any public mailbox.
Websites: Many websites allow file uploads through the HTTP POST method.
Peer to peer: P2P protocols were designed for fast file transfer amongst vast amounts of users. In fact, these technologies are still the preferred choice for the illegal sharing of songs, movies and digital books.
File Transfer Protocol: As its name implies, FTP facilitates the transfer of files and is supported by many major browsers such as Internet Explorer.
Instant Messaging: IM protocols such as MSN Messenger, Skype and Google Talk allow for the transfer of files to online chat buddies anywhere in the world.
Leak Vector 2 – The SneakerNet
The Pentagon had countless virus outbreaks on their internal computers caused by unsafe Internet browsing. To ward off the problem they disconnected their LAN from the Internet. A few weeks later they suffered a large virus outbreak. An investigation found that an infected USB drive introduced the virus. The USB virus was transferred over the SneakerNet, a network created by human beings walking around in sneakers.
In order for this network to function, a storage medium needs to be available. CDs and DVDs are popular because they are cheap, easily available and inconspicuous. USB drives and SD cards are very dangerous because they are very fast and can store large amounts of data. They are also very small and easy to conceal. Mobile phones also pose a threat. They can record conversations, take video and relay information over the Internet using the cellular network. Laptops are also dangerous and are often taken in and out of the premises freely.
Leak Vector 3 – Physical Theft
The digital world is not the only one where you must watch your back. Theft is rampant in the real, physical world. Employees can print or photocopy documents and take them off-site. Physical files can also be taken out of cabinets, and the more technically inclined can pull out hard disks from computers, steal backup tapes or even entire computers!
Leak Vector 4 – Radio Frequency Networks
RF networks drive all wireless communication including WiFi, Bluetooth and cellular networks. These days RF devices are very common in smartphones, which can communicate over several RF technologies at the same time. Modern WiFi network devices are increasing their range drastically and the 3G network allows data transfer from almost anywhere.
Leak Vector 5 – Their own minds
Last, but not least is the knowledge your employees have acquired whilst working with your company. If an employee was involved in the design of a new product, he has inadvertently gained knowledge that he can replicate elsewhere. Whilst there is no true defense against this type of threat, it pays to treat key employees well to reduce the chances of them becoming disgruntled and taking off with your company secrets!