Vulnerabilities / Threats
5/16/2012
11:50 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

5 Ways To Lose A Malicious Insider Lawsuit

Making the case against an insider takes preparation and proactive work with HR and legal. Consider this expert advice to make sure you're ready.

When the worst-case scenario strikes and a malicious insider does damage to an organization, be it by theft or sabotage, legal recourse may be in order. But if IT doesn't prepare in advance to cooperate with human resources and legal, the civil or criminal case against a bad former employee may be doomed from the start.

According to security and legal experts, failing to cover your legal bases before presenting your case to judge and jury can effectively give the defendant that proverbial "get-out-of-jail-free card" and leave your organization without much leverage at all.

Here are some of the most common ways that enterprises tend to blow their cases against malicious insiders.

1. Don't Make Employees Sign A Contract or Policy
According to Damon Petraglia of Chartstone, one of the most common civil cases he's brought in to help forensically investigate is when employees steal information from their employers or do something inappropriate with technology. In order to make a case against such an employee, it is important to not only prove they stole or did something wrong, but that they had intent.

"If you want to fire someone or you want to sue someone, you have to prove that they had intent to do something malicious. Just because I installed something on my computer, it doesn't really prove I did something malicious," said Petraglia, director of forensic and information security services for Chartstone. "A lot of times, when I'm looking at something forensically, a company will not have any policy in place that says you cannot do something. That makes it very difficult to prosecute or to fire someone."

This is where signed acceptable use policies and confidentiality agreements are key. While signing such a document might seem like a mere formality when employees or contractors are brought in, their existence can make or break a case when things go wrong.

"If I were advising someone that has confidential information, data, or technology, I'd say the most important thing to do is have agreements with your employees that make it clear that there is confidential information that limit the employees' ability to use that information, and to prevent the employees from taking it or disclosing it to anyone else," said Jim Davis, partner at Dallas, Tex.-based law firm Klemchuck Kubasta.

Read the rest of this article on Dark Reading.

Put an end to insider theft and accidental data disclosure with network and host controls--and don't forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone's concern, and lessons learned from the Global Payments breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web