 |
 |
 |
|
09.18.08 Do SysAdmins Steal Data?  By Dan Morrill With the unprecedented melt down of Lehman Brothers yesterday, a huge EDS layoff, and even eBay looking at layoffs, one has to ask, who is minding the store on customer records and customer data? As job losses mount, and while employees are still in a state of shock, the loss of customer records and data across many enterprises needs to be first and foremost in the minds of managers. With reports that a significant number of employees will steal data as they walk out of the company, this is a very real concern for people who had accounts at these companies. I have to ask, who is minding the store? While it will be a while for the effects of the layoffs to be fully realized in the job market, with the number of layoff's, there is a high likelihood that customer and company data are walking out the door along with the employee who was just laid off. That is a reality of the business today; you never know what is on those USB devices, or disks, or even what was forwarded in e-mail. I would imagine that more unscrupulous employees would be looting the company databases because they literally have nothing left to lose.
With the way that data is mobile, on laptops, on USB keys, in e-mail, and in other systems that might not be returned when a company goes out of business, an intrepid if ethically challenged person might try to sell that information on the open market. And there are buyers, especially if someone can arrange a deal for a significant chunk of data from a failed brokerage. That would be a coup for hackers that while probable, we would never hear about. The other problem is that in the state of chaos with people coming in and going out, it is also probable that a group of hackers could pose as moving men, and yank large amounts of computer hardware from the company and no one would think to ask about it. This kind of social engineering is also not new, but taking advantage of chaos and a large group of people coming in and going out, with a lack of concern what happens to the data "just got fired go away" mentality, there will be people asleep at the gate. This is what makes it all the more interesting, and how both electronic and physical security are managed during a mass layoff is yet one more thing to think about before it happens at your company. There are real side effects that could cost people their identities or their bank accounts, without any recourse to credit monitoring or anything else, because the company has gone out of business. Comments About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community. |
|
| ||
 |
|
-- SysAdminNews is an iEntry, Inc. publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 2008 iEntry, Inc. All Rights Reserved Privacy Policy Legal archives | advertising info | news headlines | free newsletters | comments/feedback | submit article |
