
Risk Management Pro Walked Off With Company Data

Computershare case sheds light on mitigating rogue insider threat

Nov 09, 2011 | 07:27 PM

By Kelly Jackson Higgins
Dark Reading
Financial services and technology provider Computershare confirmed today that a former employee took confidential company data upon her departure from the company, but not shareholder data as was originally suspected.

Computershare earlier this year filed a lawsuit in U.S. District Court in Massachusetts to recover IT devices containing potentially sensitive information that former employee Kathyann Pace had taken when she left the company.

"Our employee handbook clearly states that all Computershare property must be returned upon termination of employment. As this was not forthcoming, we took appropriate action to ensure that no kind of confidential information remained in the possession of this ex-employee. Our approach in these cases is consistent, so this naturally included determining whether any confidential company information or proprietary or confidential shareholder information remained in their possession," a Computershare spokesman said today.

The lawsuit resulted in the recovery of the IT devices. "As a direct result of the lawsuit being filed, we were able to gain access to the individual’s IT devices, and a forensic investigation was able to verify that the information that resided on the individual's IT devices did not include confidential shareholder data, though it did include confidential company information," said the spokesman, who was unable to comment specifically on the case as it remains in litigation.

"All Computershare information was purged from the devices turned over by the employee during litigation," the spokesman said.

News of the apparent rogue insider case was first reported on Threat Post yesterday, revealing that Computershare had charged in the lawsuit that Pace had pilfered thousands of pages of company documents after illegally siphoning them onto a USB drive and then reportedly losing it. Pace, who ironically was a risk management auditor for the firm, reportedly held onto her company-owned laptop for several weeks after leaving the firm.

Threat Post reported today that Computershare still had not recovered two USB drives housing sensitive company email and documents. Pace reportedly claimed to have lost the USB drives on which she had copied the company data, but a subsequent forensics investigation revealed that she had copied the data onto her laptop and USB drive.

While many insider threat cases are the result of human error or inadvertent data leakage, it's cases like Computershare's that give enterprises the chills. "The majority of lost USBs are truly accidents and not malicious in nature. Whether a drive is misplaced, lost, or stolen, there can be ramifications," says John Terpening, secure USB manager for Kingston.

Terpening cites a recent Ponemon Institute report that found that during the past two years, 47 percent of IT professionals worldwide said their organization lost a USB drive containing confidential information. "However, in situations where people do have access to information of value, and theft is made easy by the lack of controls, the likelihood of data theft by an insider is a real possibility. Taking a few simple steps can go a long way to reduce this threat," Terpening says.

Policy is key, he says. "The best steps any organization can take to minimize damage is have a policy in place before something happens. A policy can be as simple as deploying secure, encrypted USB Flash drives or to do that in combination with a managed solution. When a company sets up a policy, it has to be enforced," he says.

But Ashok Devata, director of DLP products for RSA, says many companies struggle when it comes to getting visibility into where their sensitive data lives and who can access it, as well as managing access and revoking it when an employee leaves.

"A strong DLP program can offer such visibility and provide organizations a content-aware perspective to risk and threat management," he says. "For example, organizations can enforce DLP policies that prevent end users from copying certain types of data to USB drives, and even alert the security staff if multiple attempts are made to copy such data."
