Disgruntled Employees Can Be Insider Cyber Threats Waiting to Happen, Warns FBI
The FBI recently issued a warning regarding the considerable threat disgruntled employees can pose to businesses by using their access privileges and knowledge of company networks to steal proprietary data and other IP (Intellectual Property), cause destruction and/or disrupt business operations. GDF’s founder discusses a two-pronged approach that can help businesses control insider threats like these.
From friend to foe
The FBI and DHS (Department of Homeland Security) have been observing an increase in cyber espionage and attacks carried out against US businesses by disgruntled and/or former employees, prompting them to issue a warning on September 23rd to elevate awareness about this potentially devastating problem. “It’s a very precarious situation for employers,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions. “Obviously employees need to be granted access to certain digital assets and information to perform their jobs effectively, but that’s exactly what makes it such a dangerous set of circumstances when a current or former employee breaks bad. To tackle the problem, you have to approach it from both ends. Current employees need to be monitored and controlled, and when it’s time for an employee to move on, the organization needs to know exactly what they’ve been doing prior to their departure and measures have to be taken to strip them of their golden ticket – their privileged access.”
Employers have to know who’s doing what, when, how and how often on their network to control insider threats
“If a business has to secure a physical perimeter against unwanted access, chances are some kind of surveillance system will be put in place,” says Caruso. “In today’s cyber driven world, the same holds true when it comes to an organization’s network and ESI (Electronically Stored Information). To fit that bill, we offer the C-All User Activity Monitor|Recorder, which is basically a surveillance system for your network. C-All incorporates the tools managers and security personnel need to stay on top of any or all activity taking place on the network they are charged with protecting, and best of all, it’s very easy to use.”
Easy and effective
“But don’t let its simplicity fool you, it’s an enormously powerful ally in the fight to protect digital assets and data from those already inside the gates. With C-All, you can record any user activity as a screen capture movie, which can then be played back to show exactly what a user did in indisputable video form. This goes for remote user sessions too, which is vital in today’s digital landscape. For added functionality, it also allows security staff to monitor activity in real time, as well as set triggers for virtually any activity an employer wants to keep track of, from certain keywords being typed or particular sites being visited, to particular files being accessed, among countless other options. Once a trigger is tripped, C-All will record the session, log it, and index it so it is easy to retrieve by keyword or activity when it’s needed. Triggers can even be set to notify security staff by email when they are tripped so action can be taken swiftly in real time if need be. C-All also stores everything in a highly compressed format, so storage space is typically not an issue. With C-All on the job, mysteries are solved, unknowns become non-existent, and indisputable proof of user actions is always at your fingertips. That’s the kind of power that puts insiders on notice that malicious behavior of any kind will not be tolerated, hidden or overlooked.”
Electronic exit interviews keep former employees in check
“There are all kinds of ways company data can be maliciously used by a disgruntled former employee, from exposing intellectual property secrets, stealing client and vendor information, identity and credit card theft, to flat out embezzlement, just to name a few. This prompted us to develop an effective, yet cost-efficient program to fill this important gap and give businesses the ability to see exactly what data could have been exposed and give them the information they need, all acquired in a forensically sound and defensible manner, should legal steps need to be taken,” says Caruso. “So when an employee leaves the company, voluntarily or not, we will make a forensic image of the employee’s hard drive, and if applicable, we can also do the same thing with mobile devices like smartphones and tablets. Then one of our certified forensic technicians will extract all the electronic correspondence, like email, online chats and social networking, as well as documents and other information deemed pertinent according to the concerns of the client. Then we will generate a full forensics report detailing the drive contents, the results of our searches, and a full description of our forensically sound process with all the relevant technical data. And since we are intimately familiar with the world of electronic discovery and the nuances of digital evidence and computer forensics, our clients can rest easy knowing that our findings will stand up to even the highest levels of scrutiny from the opposition or the court should things escalate into a litigation setting. We can also set up package pricing to reduce the costs even further when multiple exit interviews are needed. ”
The right solutions to do the job
Insiders and ex-insiders can wreak havoc on a business, but by utilizing GDF’s two-pronged approach, businesses can take back control. So don’t wait until it’s too late, take action now.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.