In an earlier post, I discussed why your business needs Policy Management and the different causes of Data Leakage. In today’s post, I will take a closer look at one of the causes of data leakage protection and how it can be prevented: let’s look at the case of the Disgruntled Employee.
Scenario: Fred, a developer, comes to work every day and does his job, but at the same time is looking for a position with a competitor. What does he do? He sends confidential company information to the competitors or sends this information to his personal webmail account.
Solution: With a data leakage solution in place, emails containing confidential information could be blocked from leaving the server and instead redirected to a moderator account. Fred would not be able to send information that he should not normally have access to. Case in point: since Fred is in the Research & Development department, he should not be sending financial reports, requirements, or specification documents to external addresses. Using a Data Leakage Protection solution, Fred (and any other employee) could be placed in a group with a policy applied, that controls what content can and cannot leave the company by email.
How can one moderator flag everything?
Understandably, the IT administrator in most companies is already overwhelmed with his day-to-day activities and probably does not have the time to spend moderating emails. Aside from the confidentiality and time-sensitivity of email content, the IT administrator isn’t necessarily aware of what should leave the company and who should or should not be sending what. A good Data Leakage Protection solution would allow you to provide different moderators for policies. In Fred’s case, for example, the team lead or department manager could be appointed as the moderator. Furthermore, moderator functions should allow for silent surveillance where the sender is unaware of the activity. Using Fred’s example again, the team lead could monitor his emails for a period of time before taking decisive action by using a “copy to moderator” function that allows the email to be sent but with a BCC’d copy to the moderator.
While this behavior is reminiscent of Big Brother, you have to weigh the value of the employees sense of privacy versus the potentially disastrous costs of proprietary data loss. And when you consider that the employee was using your company time and your resources to send your information to a competitor, the employee“ in this case“ really doesn’t have a leg to stand on.