October 5th, 2012 by Millie Smith
MI5 chief Jonathan Evans recently warned businesses not to underestimate the level of industrial espionage taking place across the world. In today’s digital and global world, information is as valuable as cash. In fact, corporate espionage costs UK businesses more than 800 million pounds each year. However, companies of all sizes tend to neglect one of the most common perpetrators of data theft: their employees.
Who is the Typical Data Thief?
To assess this often underestimated threat, Symantec recruited leading forensic psychologists to examine the factors leading to insider data theft, focusing on the behavioural and environmental issues that can cause theft of corporate data. The results, published on Symantec’s website, conclude that the average data thief is first, a current employee; second, male; and third, 37 years old. The typical perpetrator of data theft usually holds a technical position such as programmer, engineer or scientist.
What are the Common Methods?
Digital documents are portable, easy to copy and easier for employees to steal than paper documents. This applies not only to the ease with which electronic files are stolen, but also to the sheer quantity taken.
According to a survey conducted by the Ponemon Institute, 29% of thieves say they steal corporate data when they leave a company. 24% of thefts were done using USB devices (sticks, MP3 players) and 18% used email. Smartphones, a dangerous combination of storage, data access and ubiquity, are an ideal method of stealing data, but surprisingly most companies do not address this threat at all. The same goes for instant messenger services and FTP connections.
All of the methods described above cover intentional data theft by employees. However, an employee may also inadvertently expose confidential data by installing software on their computer. Over half of all respondents to the Ponemon Institute’s survey admitted to downloading personal internet software to their company computers. Many of these programs could contain a Trojan horse or other malware, which seeks out confidential data and copies it to data caches on the Internet for retrieval by unauthorised individuals.
How Can Businesses Prove Data Theft?
While policies and technology will prevent casual data theft, determined employees will still steal data. If this occurs, the company will have to prove two things: that the employee took information without permission and that the theft caused harm. This is where computer forensics steps in. Computer forensics experts can find and document instances of an employee’s improper conduct using specialised software, hardware and techniques.
Our top choice of contemporary forensic software is Internet Evidence Finder (IEF), developed by Magnet Forensics. IEF recovers data from more areas than any other solution, including:
- Entire logical or physical drives
- Unallocated space/deleted data
- Selected files including live RAM captures, network PCAP files, pagefile.sys, hiberfil.sys files (with full decompression) and more
- Entire user-selected folders and subfolders
- Special areas of the NTFS file system
Internet Evidence Finder is easy to use and able to recover cloud artefacts, social networking pages, webmail applications, instant messenger clients, P2P file sharing applications and web browser artefacts. For more information about IEF, please click here.
October 4th, 2010 by Millie Smith
Millions have fallen for it, have you? Online criminals are laughing all the way to the bank.
A. Scareware refers to fake sales tactics intended to scare users into thinking their PCs have critical errors/viruses that need to be secured right away. Scareware offers an immediate solution (at a price of course) as a software download. More often than not this installs some kind of spyware or malware onto your PC. This software can make you more vulnerable to fraud and identity theft.
Protect yourself and your PC:
- Don’t click on any pop-ups or ads on websites that mention critical errors/viruses and the like, even if they say they’re from Microsoft or other well-known service providers.
- Purchase reputable software like ZoneAlarm (info here, call Software Paradise on 0800 289 041 to purchase).
- Use common sense: these cyber criminals need your cooperation to get what they want, be it credit card details, passwords, etc.
- These scams can even appear on trusted sites like Google and Twitter – so be wary of everything you click on.
- Keep your operating system and antivirus protection up-to-date.
- If you do receive a scareware pop-up, don’t click on it to close it. Use your task manager instead.
Topping the IT security headlines has been the threat of ‘scareware’. Symantec released a report this week stating that over 40 million people have fallen for scareware scams in the last year. There have even been reports of cybercriminals holding your computer and data to ransom by locking your PC and demanding relatively small amounts of money to get your data and control back. Because the amounts of money are small, it is believed that there are many cases out there that have gone unreported.
In the current climate people are increasingly worried about online fraud, identity theft and hackers. This is why scareware scams are on the increase – online criminals know they work.
August 12th, 2010 by Millie Smith
The wife of Sir John Sawers (the future head of MI6) had posted personal family information on Facebook.
“I am concerned,” said Nigel Trevena, IT Security Advisor at Software Paradise.
MI6 employees are bound by rigorous privacy rules, so the fact that these were broken is a worry in itself. Add to that the fact that this ‘incident’ occurred soon after Brown gave the go-ahead for setting up a UK Cyber Security Operations Centre, and it is no surprise that security professionals are once again rolling their eyes.
Tory Ken Clarke said that he doubts Britain’s enemies rely on Facebook for information (BBC News Online). Facebook might not be the first port of call when terrorists are doing their research, but using personal information can be an effective bargaining tool. Not only are the name and face of the future head of MI6 in the public domain, we have also seen the family album and know where they live. Protecting them has got to be a harder task as a result of the Facebook post.
I suggest you ask yourself these 10 questions before you decide to start broadcasting on a social networking site and potentially put yourself, your employer and your employment at risk:
1. Why do I need to broadcast this information?
2. Who can view what I am broadcasting?
3. Is what I’m planning to broadcast personal information?
4. Could someone use this personal information against me?
5. Am I broadcasting information that a friend/colleague/family member wouldn’t appreciate?
6. If I do decide to broadcast, have I ticked all the right boxes to ensure that strangers can’t view the information?
7. How do I ensure that others don’t post personal information on my page?
8. Am I sure I won’t use the site in company time and vent about work?
9. What would my employer think/do if I did this and they found out?
10. If I take a sick day, am I sure my friends won’t mention the beach trip on my page?
If you’re on the London network on Facebook, 200 million people can access your information. If you use MySpace or Bebo, anyone can view your page unless you turn off certain settings.
Is it worth the risk?