When talking about data security, it's easy to think only of outside threats (such as hackers and malware) and forget that many of the biggest dangers to data come from within an organization. Insider data breaches occur when an employee uses their access to steal data from the company.
Why would an employee do this? For a variety of reasons. Employees might steal data in order to…
- Sell proprietary information.
- Take IP to a rival company before they start a new job.
- Take private data and sell it online for money.
- Commit fraud or identity theft.
Infosecurity magazine reveals that only 9 percent of companies feel safe from insider data threats. The other 91 percent of companies are right to be anxious. Insider data breaches are expensive and dangerous because, given their inside position, employees know where and how to steal the most valuable data.
IT consultants should take insider data threats seriously because they’re responsible for instituting data security protocols for their clients in order to prevent all kinds of data breaches. Let's look at some of the things you can do to prevent insider attacks.
IT Consultants: How to Protect Clients from Inside Data Breaches
Before we get into the nitty-gritty details, let's look at an example of a law firm that was the victim of a major data breach. Corporate law magazine Inside Counsel reports on an incredible story of data theft that jeopardized one of New York's top law firms.
An employee at Simpson Thacher & Bartlett LLP used their access to the firm's data to sell inside information to Wall Street traders about upcoming mergers and acquisitions. Traders presumably wanted the information so they could buy or sell stocks before a company announced it was going to make a major move (like acquiring another company). All told, this insider-trading ring was able to make over $5 million by using the law firm's information.
In a situation like this, the network administrator or IT professional who works for the law firm can be sued if they didn't do enough to prevent employees from stealing data. Here are some of the standard ways IT professionals can protect clients from insider data theft:
- Control employee access so that data is only available to employees who need to use it.
- Keep network logs.
- Check security logs around the time employees leave the company to work with a competitor.
- Make sure to delete accounts for employees who leave the company and/or no longer need access to certain data.
- Educate clients about the importance of data security. (For tips on client education, see our article "Data Breach vs. Identity Theft: Help Your Clients Understand the Difference.")
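One way to put the log-review and account-cleanup items above into practice, as an added example that is not part of the original article: the script below reviews each departing employee's file access in the two weeks before their last day, any activity after it, and whether the account is still enabled. The log format, user names, paths and dates are constructed for illustration; a real deployment would read the client's own file-server logs, HR departure list and directory export.

```python
from datetime import datetime, timedelta

# Constructed sample inputs (hypothetical users, paths and log format).
DEPARTURES = {"jdoe": "2024-03-15"}      # user -> last working day, from HR
ENABLED_ACCOUNTS = {"jdoe", "bwong"}     # accounts still enabled in the directory
ACCESS_LOG = """\
2024-02-10T10:00:00 jdoe read /clients/acme/contract.docx
2024-03-04T09:30:00 bwong read /deals/merger-alpha.pdf
2024-03-12T22:41:00 jdoe read /deals/merger-alpha.pdf
2024-03-12T22:43:00 jdoe copy /deals/merger-beta.pdf
2024-03-13T08:05:00 jdoe read /clients/acme/contract.docx
2024-03-20T23:10:00 jdoe read /deals/merger-alpha.pdf
"""

def parse_log(text):
    """Yield (timestamp, user, action, path) from 'ISO-time user action path' lines."""
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the review
        ts, user, action, path = parts
        yield datetime.fromisoformat(ts), user, action, path

def review_departures(log_text, departures, enabled, window_days=14):
    """For each departing user, report files first touched in the window before
    their last day, any activity after it, and whether the account is still enabled."""
    events = list(parse_log(log_text))
    report = {}
    for user, last_day in departures.items():
        end = datetime.fromisoformat(last_day) + timedelta(days=1)  # midnight after last day
        start = end - timedelta(days=window_days)
        mine = [e for e in events if e[1] == user]
        seen_before = {path for ts, _, _, path in mine if ts < start}
        in_window = {path for ts, _, _, path in mine if start <= ts < end}
        report[user] = {
            # Files the user had never opened before the window are worth a closer look.
            "first_time_access": sorted(in_window - seen_before),
            # Any event after the last day means the account was not disabled in time.
            "post_departure": [(ts.isoformat(), path) for ts, _, _, path in mine if ts >= end],
            "still_enabled": user in enabled,
        }
    return report

if __name__ == "__main__":
    for user, findings in review_departures(ACCESS_LOG, DEPARTURES, ENABLED_ACCOUNTS).items():
        print(user, findings)
```

A first-time access in this window is a reason to review, not proof of theft; the still-enabled flag and post-departure activity point at the account-deletion step having been missed.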
How to Protect Your IT Firm from Insider Data Theft Lawsuits
Even if your clients don't deal with huge mergers and acquisitions, they likely have plenty of private data, trade secrets, and IP that you need to protect to prevent an insider data breach. In the process, you’ll be protecting your business from the lawsuits that arise from data breaches.
For starters, instituting the policies we listed above is a good way to decrease your risk. But no business can completely get rid of these risks. One of the things that make insider data breaches so dangerous is that there's little you can do to stop an employee who's bent on causing trouble. If an employee is working behind the firewall, eventually they'll be able to find a way to steal data.
So what do you do? Errors and Omissions Insurance can pay for the cost of a data breach lawsuit from an inside attack on a client network. This coverage can give you and your clients confidence that one malicious employee's data theft won't be able to take down your business or your client's. Given that more than 90 percent of clients feel concerned about this risk, making sure you're covered makes a lot of sense.