Biggest Risk of Data Theft – Your Employees or Hackers?

vulnerability from mobile devices

Kexue Huang worked for two different U.S. companies. Between 2007 and 2010, he sold proprietary data from both of his workplaces to competitors operating in Germany and China. By the end of the process, both companies lost between $7 and $20 million in revenue because of the breach. Huang was sentenced to 87 months in prison and three years of supervised release.

The Types of Organizations That Are Likely to Lose Data

Many companies spend a lot of money trying to protect data from hackers. However, they sometimes ignore the threat of data breaches posed by their own employees. The FBI has identified some situations in which internal data theft commonly occurs. The agency also suggests common warning signs that may indicate questionable actions by employees.

Do any of these characteristics describe your organization? If so, then you are at risk for losing intellectual property and sensitive data:-

  • Protected materials are easy to access. Your company doesn’t manage access privileges, giving employees who don’t need access to certain types of data the ability to open up highly sensitive proprietary information. You don’t properly label sensitive information, and it’s easy for employees to exit the system after they download data.
  • The company has inadequate security procedures. Employees have the impression that your company’s security procedures are lax. You don’t have written policies for dealing with sensitive data, and you don’t offer employee training about handling intellectual property.
  • Employees are under time pressure. Your employees may be pressed for time on a particular project, which may cause them not to consider the consequences of inadequately securing protected materials. They may also be tempted to work on sensitive projects at home.

Characteristics of Employees That Are Likely to Steal

Sometimes, employees take home proprietary data with the best of intentions. For example, they may want to complete some extra work over the weekend, so they download files onto a USB drive. At other times, employees take sensitive information for more malicious reasons. The FBI suggests keeping an eye on employees who might:

  • Have major problems in their private lives. Problems like substance abuse, marital problems, financial struggles or other personal issues aren’t always indicative of suspicious behavior, but employers should stay vigilant.
  • Experience problems on the job. If employees feel a lack of recognition on the job, have disagreements with colleagues or find out about an impending separation, then they may decide to seek revenge.
  • Exhibit a sense of entitlement. Feeling valued for a job well-done is a fair expectation. However, an employee that acts as though he or she is above the rules, or an employee that is vulnerable to flattery or the offer of a better job, may be willing to engage in data theft.
  • Display divided loyalty. An employee who owes something to another country or wants to ingratiate himself or herself to someone who could benefit from receiving inside information might steal intellectual property. Alternatively, the employee may have an ideological allegiance to a particular person or cause.
  • Seek adventure. Some employees think that stealing proprietary information will add a sense of adventure to their lives. These employees may also be vulnerable to extortion because of fraud or gambling debts.data theft

Also, be aware when an employee commonly disregards security procedures by taking proprietary information home, photocopying sensitive records, visiting unauthorized websites or accessing the network during off-hours. Suspicious contacts with competitors, unusual trips to foreign countries and unexplained affluence should also cause alarm.

Vulnerabilities from Mobile Devices

The addition of mobile devices has made data loss even more likely. According to the Ponemon Institute, 77 percent of IT professionals surveyed expressed concern that a lack of security protocols for smartphones, tablets and other edge devices presented major security risks. Additionally, as employers give workers increased freedom to work offsite, IT professionals worry that they have no way to know whether employees follow security policies or comply with regulatory requirements.

You want to think the best of the people who work for you. In many cases, it’s tough to tell whether data loss has occurred because of negligence or fraud. However, since businesses lose approximately $194 for every data breach, employers have to start asking difficult questions about potential insider misconduct.

About the Author: Christopher Budd is a seasoned veteran in the areas of online security, privacy and communications. Combining a full career in technical engineering with PR and marketing, Christopher has worked to bridge the gap between “geekspeak” and plain English, to make awful news just bad and to help people realistically understand threats so they can protect themselves online. Christopher is a 10-year veteran of Microsoft’s Security Response Center, has worked as an independent consultant and now works for Trend Micro Data Protection.

Comments (13)

  • I think the mobile fraud issue will become a lot bigger in the future as more and more people are using mobile to access the internet.

  • Things can really go ugly when insiders turn bad. Employees, as insiders have better access to network computers, sensitive information such as passwords, key passes and most likely very well understand the computing habits of their colleagues too. Stealing data from the inside is a lot easier, or at least easy enough for even a non-hacker to perform. That’s why it’s no surprise that most organizations lost their data to their own employees. If there’s literally so easy to commit something illegal and stand a good chance getting away with it, why not do it?
    Peter Lee recently posted…Is Hacking an Inside Job?My Profile

  • Hi Atish,

    Informative post about Biggest Risk of Data Theft. Actually i am agree with you that its happenings in every office/companies that we can not trust to anyone so we need to secure our dat from Employees and hackers than its will be much better for our future which is need it. but i must say thanks to you for sharing informative post with us.

  • I’ve been the “victim” of identity theft. That was a drama. Good that Google knows all! Thanks for sharing the info. Good to keep in mind
    Evan recently posted…Top Showcase – Industrial WordPress themes 2013My Profile

  • Hello Atish,

    Energetic Post for everyone and we need to secure our data. its risk every in the office. really its Biggest Risk of Data Theft. and its goingon in every company. due to this we can not trust to anyone in the office. so i will say thanks to you Atish which you have told us about it. now i will keep remember of it and i will tell to everyone who has worried from this. Thanks alot for this post.

  • Wow! Atish this is one of the best and informative article dude. Thanks for sharing it.
    Raj kumar recently posted…How to: Make money with Google adsenseMy Profile

  • I think that the next generation mobile phones is becoming the greatest threat now-a-days! It is one of the biggest Hacker according to me!
    Krishna recently posted…Download WeChat for PC, Windows, Android, iPhone, NokiaMy Profile

  • With so many devices around you, data theft has become all the more feasible. On the contrary, detecting data theft has become difficult. People are really taking technological advents seriously, and why wouldn’t they, technology is all about making life easy, even if it is about stealing someones work.

  • Data theft is one of the biggest problems that businesses have to face. It’s quite unfortunate that there are employees who would steal data from their employers for their own benefits. In the advent of technology, we are also putting our safety and security at greater risk.
    Sheryl recently posted…A Showcase of Beautiful, Free FontsMy Profile


Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge