Layoffs can make companies vulnerable to data theft
Steven J. Dundas
Experts say prevention can be as simple as checking e-mail logs
BY BETH FITZGERALD Asset Protection
WHEN A LAID-OFF employee walks out the
door, critical company information may even the engineering drawings for the compa-
already be gone. The soon-to-be ex-worker ny’s next new gadget.
may have e-mailed valuable data to a personal George Wade, director of computer
Web address — and intends to deliver that forensics at the accounting and consulting
information to a company rival. firm Sobel & Co. in Livingston, said it is diffi-
As the recession’s depth and duration cult, but not impossible, for companies to
confounds forecasters, businesses are laying defend themselves against data leakage. Key
off experienced employees whose jobs gave steps include keeping a good inventory of
them broad access to company intelligence: essential data, knowing where it’s stored and
customer lists, financial information, maybe who has access to it, and staying alert for
unusual data traffic.
“When you fire people, you don’t just lose
More than severance pay that person, you lose the information they take
A whopping 59 percent of employees who with them,” said Wade, who before joining
lost or left their jobs last year admitted steal- Sobel a year ago spent 20 years as regional George Wade, director of computer forensics at Sobel & Co., says companies can take certain steps to
ing company information, according to a sur- security manager at Lucent Technologies’ cor- protect against data theft, including noting the times of day large e-mail files were sent by employees.
vey released in February by the software porate security department in the Murray Hill
company Symantec and IT research firm section of New Providence. management to a third party probably also able or delete company files.
Ponemon Institute. Technology exists to safeguard data, but have the ability to monitor e-mail logs, Wade Wade suggested that companies take steps
Among the survey findings: many companies can’t afford to invest the said. Time of day may be a clue that some- to head off data theft by employees who fear
■ 53 percent downloaded company infor- money right now, Wade said. So he advises com- thing’s up: an employee may transfer large they may lose their jobs during the recession:
mation onto a CD or DVD and 38 percent sent panies to start with the tools already at hand — data files late at night instead of during work- ■ Take an inventory of critical data, where
attachments to a personal e-mail account. and monitoring the flow of e-mail traffic is a key ing hours when a data bulge would slow down it is located and how well it is protected.
■ 79 percent took data without an first step to defend the company data. the network and attract attention. ■ Monitor access to the data and the
employer’s permission. “Most companies have e-mail logs they Wade said hackers who penetrate cor- activity on the e-mail system.
■ 82 percent said their employers did not can look at to see who is sending information, porate computer firewalls and steal compa- ■ Have a plan in place ahead of time if a
perform an audit or review of documents and where they’re sending it,” Wade said. “It can ny secrets get most of the media’s attention, data breach is suspected.
before the respondent left his or her job. be as simple as looking at the frequency of mes- “but the insider is a far greater problem.” In Once there are concerns that a data breach
■• 24 percent of respondents had access sages, destination, the size of file attachments. his career, Wade said he’s investigated multi- could happen, Wade said it may be necessary to
to their employer’s computer system or net- An employee who normally only sent small text million-dollar intellectual property theft bring in professionals and keep the perpetrator
work after their departure from the company. messages may suddenly start sending large cases. And he’s uncovered sabotage: fired under surveillance for a while, to make sure the
— Beth Fitzgerald attachments to a Yahoo or Google account.” workers who leave behind software full extent of the breach is discovered. ◆
Companies that outsource their e-mail weapons, known as “logic bombs” that dis- E-mail to firstname.lastname@example.org
Keeping heirs happy can save family, money