3 Roads to a Data Breach and How to Block Them

The bad employee, the ignorant employee and the evil hacker all put your intellectual property at risk.

Posted by Dawn Lomer in Corporate Security on November 3rd, 2011

When a data breach occurs, company leaders are often at a loss to explain how it happened. And while it may be too late to do anything about loss of intellectual property that has already occurred, examining how it occurred can go a long way toward preventing it from happening again.

In his session on cyber-security at the SCCE Compliance and Ethics Institute in September, Orrie Dinstein, Chief Privacy Leader and Senior Counsel for IP at GE Capital Finance, a division of the General Electric Company, described three threats to a company’s intellectual property. Internal intentional threats come from the bad employee who is purposely stealing data. Internal unintentional threats come from employees who accidentally compromise company data. External threats come from hackers who break into the company’s network to steal confidential information.

Internal Intentional

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

Data theft by employees is much easier than it used to be. The equivalent of banker’s boxes filled with confidential files can be e-mailed, uploaded to online storage, downloaded onto a tiny thumb drive or even posted to social media sites. The inside job is possibly the most difficult to prevent as the perpetrator already has access to the data.

The bad employee intentionally steals intellectual property and may do this for a number of reasons, says Dinstein, including the following:

  • Was fired and wants revenge
  • Can make money by selling your data to a competitor
  •  Sees the act as a form of whistleblowing
  • Disgruntled and wants to cause problems for the company
  • Wants to use data (such as customer lists) for own purposes
  • Has a sense of ownership (employee created it)

The CERT Insider Threat Center at Carnegie Mellon University has performed behavioral modeling of insiders who steal intellectual property. Studies of 600 cases have shown that many insiders who stole their organization’s intellectual property stole at least some of it within 30 days of their termination. This kind of information can help organizations take preventive action to secure their intellectual property in high-risk situations by, for example, alerting the IT department when an employee is to be fired or has resigned.

Internal Unintentional

The other type of employee responsible for data leakage is the one who does it unintentionally. They are not trying to do the wrong things, says Dinstein. They just make mistakes.

This person might accidentally send information to the wrong person (for example, when auto-fill inserts the wrong address in Outlook). He or she might post confidential information on social media sites, unaware that it’s confidential.

Employees using peer-to-peer networks to download music or movies at work may not be aware that sharing one way means sharing both ways.

Awareness campaigns, training and constant reminders about internet safety can go a long way in preventing this type of data loss, says Dinstein.

External Threat

Hackers can cause heavy damage to an organization. Planned attacks from the outside often begin with an e-mail, as most methods used by hackers require that someone on the inside inadvertently open the door for them. Methods used by hackers include password cracking, viruses, worms, spyware, scareware, phishing, social engineering.

Employee training and awareness is a critical part of defending against hackers. It’s very rare for a hacker to break into a company’s system without any help (inadvertent or other) from inside, says Dinstein.

And since passwords are the gateway to the system, it makes sense to focus training and awareness campaigns on the use of strong passwords. Anyone who has ever tried a password cracker would be amazed at how quickly and easily it’s achieved, and how often people use the same popular passwords. A strong, well-implemented password policy, so simple to execute, can be the biggest roadblock to your next breach.


Dawn Lomer
Dawn Lomer

Managing Editor

Dawn Lomer is the managing editor at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.