BreachExchange mailing list archives

10 steps to protecting your trade secrets from the malicious insider


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 3 Sep 2014 19:09:51 -0600

http://www.insidecounsel.com/2014/09/02/10-steps-to-protecting-your-trade-secrets-from-the


Today’s headlines are replete with data breaches and cybercrime committed
by foreign spies and international crime rings. This threat, while very
real, can sometimes obscure another, more insidious threat lurking right
outside an IT director’s office: the malicious insider. A “malicious
insider” is a current or former employee, contractor, or business partner
who has [or had] authorized access to an organization's network and who then
intentionally misuses that access in ways that damage the employer.

Corporate employers rarely investigate an employee’s activities at the time
of departure. Instead, months pass before clues surface that confidential
data was misused, at which point important data is often seriously
compromised or no longer available.

Even under these circumstances, investigators can take meaningful
investigative steps, including an analysis of network security logs,
restoring backup tapes, forensic analysis of computers and an analysis of
travel, expense reports and cell phone records as well as a review of
social media postings.

These corporate investigations would yield more useful evidence, however,
if companies planned ahead and investigated a malicious insider’s
activities concurrent with their departure from the workplace. To win a
theft of trade secrets claim, for example, the victim must prove that the
information stolen was treated as a secret and reasonable efforts were made
to maintain its secrecy. Meeting this standard compels a timely and
thorough approach, key elements of which include the following:

1. Identify and secure “crown jewel data”

If you don’t know where mission-critical data resides, it’s difficult to
determine if it’s been stolen. So as a first step, an organization should
identify its most valuable secrets. This is the information that, if
compromised and shared externally, would cause significant economic and
reputational harm. This data should be segregated on the corporate network
with maximum, access-controlled security.

2. Tag your crown jewel data

Digital marking represents a highly effective means of proving that certain
data was both secret and secured. For example, web bugs can be deployed to
track confidential email. These are invisible to a user but send tracking
data that reveals when the email has been opened by the recipient. As with
any complex technology, corporate officials charged with data security
should keep abreast of technological advances and assess the relevance for
their own environment.

3. Enable logging functions on servers

Network servers provide a wealth of logging information, including IP
addresses, time and date stamps of access, failed access attempts,
unauthorized changes to user rights, suspicious or unauthorized network
traffic patterns and application installations. These log files can be
critical in building a case against a malicious insider. For example,
access and deletion patterns that are inconsistent with prior use are a huge
red flag.

Additionally, security alerts to network administrators concerning the use
of wiping software or software downloads can be a highly effective
deterrent to theft. Thieves typically download data during multiple user
sessions, so it is feasible to discover the theft before any real damage
takes place.

4. Review access protocols and secure “administrative rights”

In many organizations, entry-level IT staff possess “administrative rights”
to entire networks. Because of this broad access and specialized, detailed
knowledge of the network, organizations are particularly vulnerable to
theft by IT staff. Administrative rights should therefore be granted
sparingly and according to need, and no one person should have access to
the entire system. Segregation of duties, which mitigates fraud in internal
accounting departments, is equally applicable to IT departments.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
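
Step 3 above names access and deletion patterns inconsistent with prior use, spread over multiple sessions, as a red flag. The following is an added example, not part of the original article or post: it sums each user's daily file activity across sessions and compares it with that user's own earlier baseline. The log format, user names, session ids and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: date, user, session id, action, files touched.
SAMPLE_LOG = """\
2014-08-25 alice s1 READ 14
2014-08-26 alice s2 READ 11
2014-08-27 alice s3 READ 15
2014-08-28 alice s4 READ 12
2014-08-25 bob s5 READ 20
2014-08-26 bob s6 READ 22
2014-08-27 bob s7 READ 19
2014-08-28 bob s8 READ 21
2014-09-01 alice s9 READ 13
2014-09-01 bob s10 READ 180
2014-09-01 bob s11 READ 240
2014-09-02 bob s13 DELETE 95
"""

def load(log):
    """Return {user: {day: {action: files}}} summed over all sessions."""
    usage = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in log.strip().splitlines():
        day, user, _session, action, files = line.split()
        usage[user][day][action] += int(files)
    return usage

def flag_anomalies(log, cutoff, k=3.0, min_days=3):
    """Flag (user, day, action, files) on or after cutoff that exceed the
    user's own baseline (mean + k * stdev of earlier active days)."""
    alerts = []
    for user, days in load(log).items():
        history = [d for d in days if d < cutoff]
        if len(history) < min_days:
            continue  # too little prior use to judge against
        actions = {a for d in days.values() for a in d}
        for action in actions:
            # Days without this action count as 0, so a first-ever bulk
            # delete is compared against a baseline of zero.
            base = [days[d].get(action, 0) for d in history]
            limit = mean(base) + k * max(pstdev(base), 1.0)
            for d in days:
                if d >= cutoff and days[d].get(action, 0) > limit:
                    alerts.append((user, d, action, days[d][action]))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in flag_anomalies(SAMPLE_LOG, cutoff="2014-09-01"):
        print(alert)
```

The floor of 1.0 on the deviation keeps a very regular user from tripping the alert on a one-file change; tune `k` and `min_days` to the environment.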
