It only takes a small step to become aware of the theft in the computer world. When data is illegally copied or taken from a business or another individual, a heavy word in the computer world is used to describe the situation. The majority of the time, this information is personal information about the user, such as passwords and social security numbers. The theft of confidential information is becoming increasingly common. A variety of technologies, such as firewalls and intrusion-detection systems, have been developed to protect data from being compromised by black hat hackers. With today’s ability to transmit very large files via e-mail, web pages, USB devices, and other hand-held devices, the financial and reputational damage caused by theft can be significant. Data thefts are becoming increasingly prevalent as a source of compliance and computational risk for organizations.
According to new research, more than 60% of data breaches are the result of an internal source of occurrence. It’s one of the reasons for this is that organizations in today’s data-rich environment continue to struggle with the “human element” that is at the heart of data security. It can be extremely difficult to strike a balance between the protection of sensitive data and the provision of access to employees who require it in order to perform their daily job functions. Listed companies that have been identified as victims of cyber-attacks in media reports have experienced stock price drops ranging from 1 percent to 5 percent, translating into losses for shareholders ranging from $50 million to $200 million. The annual cost of data theft due to online fraud and application hacking is approximately $6 billion, with the costs to financial institutions accounting for the majority of this figure. Problems that have arisen as a result of the attack Attackers who target information are becoming more common, and they are primarily office workers who have access to technology such as desktop computers and hand-held devices capable of storing digital information, such as USB flash drives, iPods, and even digital cameras. Employees frequently spend a significant amount of time developing contacts and confidential and copyrighted information for the company for which they work, and they often believe they have arrived at the right place at the right time. As a result, they are more likely to copy and/or delete part of the information when they leave the company, or to misuse it while they are still employed. The majority of businesses have implemented firewalls and intrusion detection systems; however, only a minority considers the threat posed by an average employee who copies proprietary data for personal gain or for the benefit of a competitor or other organization.
The scenario in which a salesperson copies the contact database for use in their next job is a common occurrence. The majority of the time, this is a flagrant violation of their employment contract. Due to the ability to transmit very large files via email, web pages, USB devices, DVD storage, and other hand-held devices, the damage caused by data theft can be significant. Data theft can cause significant financial loss. With increased hard drive capacity, removable media devices are becoming increasingly small, and activities such as pod slurping are becoming more and more common among young people. It is now possible to store more than 160 GB of data on a device that is small enough to fit in an employee’s pocket, data that could ultimately lead to the failure of a company. It is illegally obtained information from an individual or a business that is known as data theft. It is usually login information, Social Security Numbers, sensitive personal information, credit card credentials, or confidential corporate data that falls into this category.. This information must be protected to the best of one’s ability in order to avoid any negative consequences resulting from its dissemination on the Internet. Countless instances have been documented in which people have shared personal information about themselves and experienced negative consequences as a result of doing so. When discussing cases of personal data theft, there are a couple of notable examples that come to mind immediately. The FaceBook security breach and the IPAD security breach are the two most notable instances of personal data theft.
In 2010, a security breach on the social networking website Facebook occurred. Types of information security breach There are a variety of methods for obtaining information. Data theft through hacking is by far the most common method, and it has the lowest risk of being discovered. Unauthorized entry into a system by a hacker results in the theft of the information intended for that system. Cybercriminals gain access to a system by exploiting weaknesses in the security system or deceiving gullible employees or users who are unaware of the threat. It is possible to fool oneself when posing for a photograph. Despite its appearance as a harmless piece of spam, the attractive website that has appeared on your screen and is offering you an excellent Holiday treat could actually be a data thief attempting to gain access to your computer system. According to the FBI, in one instance of corporate data theft last year, the thief pretended to be a potential customer and gained access to a company’s data bank by hacking into the computer of an employee who, in his haste to catch a potential client, was unaware of the theft. In the case of remote access, does the cursor move around on its own even when you haven’t touched it? Are there any programs running when you are not working on anything and have no windows open, according to the indicator? Keep an eye out for the signs of data theft; the perpetrator may already be in your system. Remote access allows a thief to take control of your machine from wherever he or she is and operate it, steal data from it, and even distribute viruses from it from anywhere in the world! Adware is frequently responsible for the introduction of spyware. Although the thief would not be physically present in your system, your keystrokes and mouse clicks would be monitored, revealing what you were doing and reading the data as it was entered. By clicking on a seemingly innocuous advertisement, you have opened the gate to the world.
In the words of Dr. Seuss, “Slurp, slurp.” Almost all home users now have iPods, which store their music. An employee who is rocking to music while working, as usual, is not something you would normally suspect. In order to obtain data outputs from the computer where the iPod is connected, the thief is aware of this and employs the iPod to do so. Using Bluetooth devices for snarfing has become increasingly popular in a short period of time. The data thief steals information from a restricted computer in complete silence and almost completely unnoticed, using a Bluetooth-enabled cell phone or laptop. The USB storage drive is yet another small and potentially hazardous device. To transfer data from the computer, an employee only needs to plug in a pen drive, and 2 GB of data will be transferred silently into their pocket. An exit survey conducted on February 23, 2010, revealed that the global economic downturn is taking its toll in the form of job losses and layoffs and that the vast majority of exiting employees are taking their employers’ information with them as well. This year’s survey, conducted by the security company Symantec in collaboration with the Poneman Institute, included 950 people who had lost their jobs in the previous year, with 59 percent admitting to stealing critical customer data, such as contact lists, from their former employers after they were fired. In the survey, it was revealed that the employees who lost their jobs over the past year stole a variety of critical information including email lists and customer information as well as employee records and non-financial information. As a side note, the study found that these vengeful employees use the information to find a new job, start their own business, or exact revenge on the company. Approximately 82 percent of those surveyed stated that their former employer did not even perform a document check before they left their jobs, according to the findings of the study. Sixty-one percent of those who admitted to stealing company information also stated that they had a negative opinion of their former employer at the time of their confession. Although this survey, which was carried out in January 2009, is noteworthy, it does not represent a significant step forward in terms of the alarming realization that businesses are suffering enormous losses and compromises as a result of stolen data theft. However, what business managers and in-house counsel should be concerned about is that, according to this survey, an increase in stolen data is associated with an increase in the number of layoffs of salaried employees.
It is past time for outside commercial lawyers to provide business clients with precautionary recommendations on how to deal with these situations during the pre-litigation stage of the process. Why? This is due to the fact that data thieves frequently leave digital ‘fingerprints’ behind that are only visible for a short amount of time. When asked why they took company data from their previous employer, approximately 67 percent of those who responded said they did so in order to gain leverage in finding a new position. Employee data theft investigations have yielded the best results in our experience when our forensic examiners are called in shortly after the employee has left his or her position. When it comes to preserving and recovering electronic evidence that can be used to identify the who, what, and when answers associated with data theft in order to support a claim and/or an order of protection, the sooner the better. In order to secure the “crime scene,” clients can take a few preventative measures before retaining the services of a computer forensic examiner. Information theft can be prevented in several ways. First and foremost, users must be educated. Include the terms “iPod” and “MP3 players” in the text to make the company’s policies on the use of removable media clear. 2. Endpoint security products that learn what data is considered sensitive by the organization and prevent that data from being copied without permission are a good choice. It should be noted that some of these products only notify an employee when an unauthorized action is taken, while others prevent copying.
Additionally, endpoint security software that records forensic information should be considered so that a legal case against the employee can be built in the event of data theft. Policies-based encryption, which can automatically encrypt data based on parameters such as the location to which it is being copied, is an alternative to content-aware software (see #4). It may be appropriate in some situations, such as a financial services company, to prohibit the use of iPods by employees who come into close contact with sensitive data, such as traders, while allowing their use in other areas. Some critical counter-attack measures are being implemented. Protecting Information: installing, updating, and maintaining intrusion detection and prevention software, firewalls, encryption, and tracking systems for access to the internal network making internet access available on a limited and supervised basis, with policies being reviewed on regular basis USB ports are not permitted in the workplace, and Bluetooth-enabled devices are not permitted either. Backups are being kept up to date.
Thank you for reading this post.
