BreachExchange mailing list archives
10 steps to protecting your trade secrets from the malicious insider
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 3 Sep 2014 19:09:51 -0600
http://www.insidecounsel.com/2014/09/02/10-steps-to-protecting-your-trade-secrets-from-the

Today’s headlines are replete with data breaches and cybercrime committed by foreign spies and international crime rings. This threat, while very real, can sometimes obscure another, more insidious threat lurking right outside an IT director’s office: the malicious insider.

A “malicious insider” is a current or former employee, contractor, or business partner who has [or had] authorized access to an organization's network and who then intentionally misuses that access in ways that damage the employer.

Corporate employers rarely investigate an employee’s activities at the time of departure. Instead, months pass before clues surface that confidential data was misused, at which point important data is often seriously compromised or no longer available. Even under these circumstances, investigators can take meaningful investigative steps, including an analysis of network security logs, restoring backup tapes, forensic analysis of computers and an analysis of travel, expense reports and cell phone records as well as a review of social media postings.

These corporate investigations would yield more useful evidence, however, if companies planned ahead and investigated a malicious insider’s activities concurrent with their departure from the workplace. To win a theft of trade secrets claim, for example, the victim must prove that the information stolen was treated as a secret and reasonable efforts were made to maintain its secrecy. Meeting this standard compels a timely and thorough approach, key elements of which include the following:

1. Identify and secure “crown jewel data”

If you don’t know where mission-critical data resides, it’s difficult to determine if it’s been stolen. So as a first step, organizations should identify their most valuable secrets. This is the information that, if compromised and shared externally, would cause significant economic and reputational harm. This data should be segregated on the corporate network with maximum, access-controlled security.

2. Tag your crown jewel data

Digital marking represents a highly effective means of proving that certain data was both secret and secured. For example, web bugs can be deployed to track confidential email. These are invisible to a user but send tracking data that reveals when the email has been opened by the recipient. As with any complex technology, corporate officials charged with data security should keep abreast of technological advances and assess the relevance for their own environment.

3. Enable logging functions on servers

Network servers provide a wealth of logging information, including IP addresses, time and date stamps of access, failed access attempts, unauthorized changes to user rights, suspicious or unauthorized network traffic patterns and application installations. These log files can be critical in building a case against a malicious insider. For example, access and deletion patterns that are inconsistent with prior use are a huge red flag. Additionally, security alerts to network administrators concerning the use of wiping software or software downloads can be a highly effective deterrent to theft. Thieves typically download data during multiple user sessions, so it is feasible to discover the theft before any real damage takes place.

4. Review access protocols and secure “administrative rights”

In many organizations, entry-level IT staff possess “administrative rights” to entire networks. Because of this broad access and specialized, detailed knowledge of the network, organizations are particularly vulnerable to theft by IT staff. Administrative rights should therefore be granted sparingly and according to need, and no one person should have access to the entire system. Segregation of duties, which mitigates fraud in internal accounting departments, is equally applicable to IT departments.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
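
Added example (not part of the original article or mailing list post): a sketch of the step 3 check for access and deletion patterns inconsistent with prior use, comparing each user's daily activity on crown jewel data against that user's own history. The log line format, the /crown/ path prefix, the user names and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import median

FLOORS = {"read": 10, "delete": 2}   # assumed minimum daily counts worth alerting on

def build_sample_log():
    """Constructed log lines: '<timestamp> <user> <action> <path>' (assumed format)."""
    lines = []
    for day in range(1, 13):                       # asmith: steady 4 reads/day
        lines += [f"2014-08-{day:02d}T09:0{n}:00 asmith read /crown/spec{n}.pdf" for n in range(4)]
    for day in range(1, 11):                       # jdoe: 3 reads/day for ten days
        lines += [f"2014-08-{day:02d}T10:0{n}:00 jdoe read /crown/spec{n}.pdf" for n in range(3)]
    for day in (11, 12):                           # jdoe: bulk reads in two late sessions
        lines += [f"2014-08-{day:02d}T22:{n:02d}:00 jdoe read /crown/spec{n}.pdf" for n in range(40)]
    lines += [f"2014-08-12T23:0{n}:00 jdoe delete /crown/spec{n}.pdf" for n in range(5)]
    lines.append("garbled line")                   # malformed input is skipped
    return lines

def daily_counts(lines, prefix="/crown/"):
    """Count reads and deletes under the protected prefix per user and day."""
    counts = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, action, path = parts
        if path.startswith(prefix) and action in FLOORS:
            counts[user][ts[:10]][action] += 1
    return counts

def flag_anomalies(lines, factor=5, min_history=5):
    """Flag days whose count exceeds both the floor and factor x the user's median."""
    alerts = []
    for user, per_day in sorted(daily_counts(lines).items()):
        history = {action: [] for action in FLOORS}
        for day in sorted(per_day):
            for action, floor in FLOORS.items():
                n, past = per_day[day][action], history[action]
                if len(past) >= min_history and n > max(floor, factor * median(past)):
                    alerts.append((user, day, action, n))   # outlier stays out of baseline
                else:
                    past.append(n)
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(build_sample_log()):
        print(alert)
```

Flagged days are kept out of the baseline, so a theft spread over several sessions keeps alerting on each session instead of raising the user's own threshold.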