Monday, February 23, 2009

The ex-employee threat

We all suspected it, some might have done it as well. According to the latest Ponemon survey, apparently nearly 60% of terminated employees take some company sensitive data with them. But the most troubling aspects are the ability for ex-employees to access company data even after they were let go!

I would think the majority of these can be prevented via good and simple baseline security. Some, of course, will need more sophisticated tools such as DLP etc that can track documents based on content. The hardest part will be stopping malicious users from taking a small set of extremely sensitive documents - for eg. taking a photograph of the document on his PC! If there are a lot of documents, it might be hard for the employee to do these manual tasks.

At the end of the day, one has to trust employees and be able to track documents and prosecute. If one or two high-profile cases end up in court, deterrence will become a good security policy!

No comments: