How to curb insiders? Information security methods

06/06/2018, 3825 views
Share this post:
How to curb insiders? Information security methods

As the famous saying goes, ‘trust, but verify’, and Apple employees are not going to argue with the wisdom of the ages. According to bloomberg.com, the ‘Fruit Company’ identified 29 insiders responsible for the leakage of confidential corporate information in 2017.

Fired employees are unlikely to find work in IT in future in the face of official charges, with court proceeding open, Apple spokesmen say. Twelve employees are known at the moment to have been arrested, while the rest are facing significant financial penalties.

Apple’s information security and staff monitoring are not irreproachable, but exemplary. And although information about then unreleased version of iPhone X and the latest Apple Watch did leak, insiders, who fed the media, have been identified and fired within a matter of days.

Corporate information leaks can apparently cause a company a significant financial loss, stock collapse, weaker competitive positions and drop in sales and potentially lead to its bankruptcy. Below there is a review of the key methods used to prevent internal leaks as an information security backbone.

Non-Disclosure Agreement

The insider's signature at the bottom of a document prohibiting disclosures of classified information obtained during the performance of his/her job duties is the simplest and most obvious step. Most often, it involves a relevant clause in the employment contract, with a focus on the employee’s liabilities being of importance.

Liabilities for disclosing information is the main deterrent in terms of information security. The following liabilities can be stipulated in the contract:

•    disciplinary (admonition, reprimand, dismissal);
•    financial (compensation of damages);
•    administrative (fine); and
•    criminal (deprivation of liberty).

The above Apple case demonstrates the liability options can be well combined and all insiders responsible for the leaks were fired, some were fined, while others are facing some actual jail times. Criminal liability is apparently the most powerful deterrent; however, it is not always applicable and the practice shows that dismissals and fines are in most cases more than enough.

Workplace Surveillance Software

Software solutions, as a method of combating internal leakage, is the information security backbone of any modern business. The monitoring software records every computer activity of an employee in the office.

Comprehensive monitoring of applications, auto screenshots captured at specified time intervals, desktop video recording, and online data transfers to the security server - all prevent an insider from taking steps that are potentially harmful to the company. They may of course have time to mess things up, but you are guaranteed to know everything and to generally have time to prevent negative consequences. 

Here we’re getting a little more closer to the core thing. Employee monitoring softwares can be applied in the stealth mode, meaning that employees are not aware of it applied. Yet, the point is that they should be aware since this must be stipulated in the employment contract. Why so? Remember the we-use-digital-video-surveillance signs in shops and offices. Do you think they actually have cameras installed wherever it is stated?

Employee hidden monitoring notification is often much more fruitful than the applied monitoring methods themselves. This is a simple psychology hack. Employees always behave differently, if they know that not a step they take is taken unnoticed. However, any motivation of keeping the mouth shut will immediately stop working if they somehow conceive the fake.

Work time tracking software can also contribute to fighting leaks. This means of employee monitoring ensures that the work discipline is observed. No wonder that in the iron-discipline departments they have simply no time for insides and, to put it plainly, they are always engaged in something, namely, in doing their direct job duties.

Once again about the importance of fighting insiders

Eugene Plotnik and David Pajcin of Goldman Sachs together with Stanislav Shpigelman, a Merrill Lynch ex-analyst, used confidential information about the upcoming P&G's acquisition of Gillette for personal purposes in 2006. They earned US$100,000 and then another US$6 million using insider information about Adidas and Reebok merger.

All the three were eventually caught and Plotnik and Pajcin were jailed for 37 months, while Shpigelman made a US$3 million bail. The loss incurred by Goldman Sachs and Merrill Lynch is hard to imagine and it is not just a financial matter since it was the image of the banks that was hit.

There are a lot of such things happening, and every case teaches one thing: up-to-date methods used to monitor internal information leakage is a vital necessity for any company, regardless of its line and size.


06/06/2018, 3825 views
Share this post:


Here are some other interesting articles: