Insider Threat Alert as Former Spokesman Allegedly Leaks Corporate Data

The threat posed to corporate data and brand reputation by disgruntled employees was revealed this week, when it was alleged that a former spokesman for private equity giant TPG Global leaked sensitive documents to the press after being passed over for promotion.

Adam Levine, a former deputy press secretary for President George W. Bush, vowed to “take down” his employer after hearing he wouldn’t be promoted, TPG alleged in a revised complaint filed yesterday in a federal court in Fort Worth, Texas.

He traveled to the office at unusual hours – for example on Christmas Eve and Christmas Day – stole confidential documents and then altered them before sending them to a New York Times reporter, the allegations continue.

The private equity investment giant is seeking a court order requiring Levine to return the proprietary data and company-owned electronics and disclose who he has sent the data to, according to Bloomberg.

Levine’s lawyers are apparently claiming that he was dismissed on 31 December after trying to report compliance issues he uncovered at the firm.

Sagie Dulce, security researcher at Imperva, claimed that any insider threats, such as the one alleged here, are hard to avoid, particularly when senior employees with access to highly sensitive data are involved.

However, it’s possible to minimize the damage, especially if a member of staff is suspected of wrongdoing, by monitoring their devices and accounts more closely, he told Infosecurity by email.

“A more ‘conservative’ approach would be to block the employee's account access to sensitive information, while still allowing him to perform most of his daily tasks,” he added.

“Such blocking can be based on information type, specific servers, or methods of access such as VPN, WiFi or out-of-office hours.”

Mark James, security specialist at Eset, argued that all data flows can be managed within a network environment.

Restricting access to relevant staff, ensuring they only access the files they need, and restricting data flow to external devices will minimize the risk of data loss, he told Infosecurity.

“However, sadly you can’t protect against staff that are allowed access to the data in the first place, but having logs of exactly what and where data is being copied to will help keep it in the right hands, and also enable early warning signs if something is amiss,” James argued.

“As usual keeping the public and authorities well informed is always good for your reputation. To be honest, these days data breaches are an everyday occurrence, but if policies are in place and staff are aware of what is and isn’t acceptable then the damage done should be minimal.”

Lior Arbel, CTO of security vendor Performanta, argued that firms have to be proactive to avoid reputational damage from such leaks.

“This is achievable by employing the technology to stop data leaks, like data loss prevention solutions (DLP) which are suited exactly for these types of cases,” he told Infosecurity.

“DLP can help companies to see clearly who sent the data, how it is being sent or used, where it is going, and what type of data it is. IT departments can then act on it in real time, preventing business critical data exiting the organization, whilst also alerting the appropriate stakeholders.”

Kurt Mueffelmann, CEO of security firm Cryptzone, agreed that close monitoring of data is essential to reduce the risk of accidental or deliberate exposure.

“You need to put restrictions around who can access and distribute the data itself. Look to classify data and restrict how it can be used. Also record who accessed content and what they did with it in order to understand the entire ‘chain of custody’ and protect your IP and other assets from misuse,” he told Infosecurity.

“No one wants to stifle collaboration, but you must protect your IP and other assets.”

Insider misuse accounted for 19% of data breach incidents from 2004-2013, according to the 2014 Data Breach Investigations Report from Verizon.
