Everyone does it: why employees are the main threat to corporate information security and how to deal with it

In just a couple of months, the small but very nimble COVID-19 virus has shaken up the global economy and changed the long-established rules of doing business. Even the most dedicated adherents of office work have had to move employees to remote work.

The nightmare of conservative leaders has come true: audio conferences, constant messaging and no control!

The coronavirus has also activated two of the most dangerous threats to corporate security. The first is hackers who exploit the vulnerability of companies during an emergency transition to remote work. The second is our own employees. Let's look at how and why employees steal data and, most importantly, how to deal with it.

The Perfect Recipe for a Corporate Leak

According to researchers, in Russia in 2019 the number of registered leaks of classified information from commercial and government organizations increased by 40% compared to 2018. Hackers steal the data in fewer than 20% of cases; the main violators are employees, who are responsible for approximately 70% of all leaks.

Employees can steal corporate information and clients' personal data intentionally, or compromise them by violating information security rules. In the first case, the data will most likely be sold, either on the black market or to competitors. Its price can range from a few hundred to hundreds of thousands of rubles, depending on its value. With a crisis coming and a wave of layoffs expected, this scenario becomes quite real: panic, fear of the unknown and the desire to insure against job loss, combined with access to work information without strict office restrictions, make a ready-made recipe for a corporate leak.

What data is in demand on the market? "Enterprising" employees of telecom operators offer a "number lookup" service on forums: this way you can get a number owner's name, registration address and passport data. Employees of financial institutions also consider customer data to be a "hot commodity".

In a corporate environment, employees pass customer databases, financial documents, research reports and projects to competitors. Almost all office workers have violated information security rules at least once, even if there was no malicious intent in their actions. One forgot to pick up an accounting report or a strategic plan from the printer, another shared a password with a colleague who has a lower level of access to documents, a third sent friends photos of the latest development not yet released to market. The majority of employees who leave take with them part of the company's intellectual property, which may be a trade secret.

How to find the source of leaks

Information leaks out of a company in several ways. Data is printed, copied to external media, sent by e-mail or via instant messengers, photographed from a computer screen or from documents, or hidden in images, audio or video files using steganography. The last is the most advanced technique, so it is available only to very sophisticated thieves. The average office worker is unlikely to use it.

The transfer and copying of documents is monitored by security services using DLP (data leak prevention) solutions. Such systems control the movement of files and their content. When they detect suspicious activity, they notify the administrator and block data transmission channels, such as outgoing e-mail.

Why, despite the effectiveness of DLP, does information continue to fall into the hands of intruders? First, in a remote work environment it is difficult to control all communication channels, especially if work tasks are performed on personal devices. Second, employees know how such systems work and bypass them using smartphones: they photograph screens or copies of documents. In this case, it is almost impossible to prevent the leak. According to experts, about 20% of leaks are photos, and especially valuable copies of documents are transferred in this way in 90% of cases. The main task in such a situation is to find the insider and prevent his further illegal actions.

The most effective way to find the culprit when a leak occurs through photographs is to use a system that protects data with hidden visual marking applied in advance. For example, the SafeCopy system creates a unique copy of a confidential document for each user. In the event of a leak, the fragment that was found can be used to accurately determine the owner of the copy, who most likely became the source of the leak.

Such a system should not only mark documents, but also be ready to recognize the marks in order to identify the source of the leak. In the experience of the Research Institute SOKB, the source most often has to be determined from fragments of document copies, or from poor-quality copies on which it is sometimes difficult to make out the text. In such a situation the functionality of the system comes first: the ability to determine the source from both electronic and hard copies of the document, or from a copy of any paragraph of the document. It is also important whether the system can work with low-resolution photographs taken, for example, at an angle.
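The attribution step described above, as an added example that is not part of the original article and is not SafeCopy's code. The article does not say how SafeCopy marks documents, so this assumes a generic word-spacing mark: each recipient's copy shifts every word gap by a keyed pseudorandom ±1 px, and a noisy fragment is attributed by correlation. The key, gap widths, threshold and recipient names are constructed for illustration.

```python
import hashlib
import hmac
import random

SECRET = b"constructed-demo-key"  # assumption: key held only by the marking service
BASE_GAP, DELTA = 12.0, 1.0       # assumption: nominal word gap and mark shift, in px
THRESHOLD = 0.6                   # minimum normalized correlation to name a recipient

def user_code(user_id, n_gaps):
    """Keyed pseudorandom +1/-1 sequence: one value per word gap in the document."""
    bits, counter = [], 0
    while len(bits) < n_gaps:
        block = hmac.new(SECRET, f"{user_id}:{counter}".encode(), hashlib.sha256).digest()
        bits.extend(1 if (byte >> k) & 1 else -1 for byte in block for k in range(8))
        counter += 1
    return bits[:n_gaps]

def mark_copy(user_id, n_gaps):
    """Gap widths of the copy issued to user_id: each gap widened or narrowed by DELTA."""
    return [BASE_GAP + DELTA * c for c in user_code(user_id, n_gaps)]

def degraded_fragment(copy, start, length, noise_px, seed):
    """Simulate a leaked excerpt: part of the copy, with measurement noise from a photo."""
    rng = random.Random(seed)
    return [g + rng.gauss(0, noise_px) for g in copy[start:start + length]]

def identify(fragment, users, n_gaps):
    """Correlate the fragment against every recipient's code at every offset."""
    centered = [g - BASE_GAP for g in fragment]
    best = (None, -1, 0.0)
    for user in users:
        code = user_code(user, n_gaps)
        for off in range(n_gaps - len(fragment) + 1):
            score = sum(x * c for x, c in zip(centered, code[off:])) / (DELTA * len(fragment))
            if score > best[2]:
                best = (user, off, score)
    # Below the threshold, report "no match" rather than accuse the least-bad candidate.
    return best if best[2] >= THRESHOLD else (None, -1, best[2])

if __name__ == "__main__":
    recipients = ["alice", "bob", "carol"]  # constructed recipient list
    leak = degraded_fragment(mark_copy("bob", 400), 137, 120, 0.5, seed=7)
    print(identify(leak, recipients, 400))
```

In practice the gap widths would be measured from the photographed page after perspective correction; here they are simulated so the example runs offline.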

Besides finding the culprit, a hidden document marking system solves another problem: the psychological impact on employees. Knowing that documents are "marked", employees are less likely to commit violations, since the copy of the document itself will point to the source of the leak.

How are data breaches punished?

In the US and European countries, high-profile lawsuits initiated by companies against current or former employees no longer surprise anyone. Corporations actively protect their intellectual property, and violators receive impressive fines and even prison terms.

In Russia, there are not yet many opportunities to punish an employee who caused a leak, especially a deliberate one, but the affected company may try to bring the violator not only to administrative, but also to criminal liability. Under Article 137 of the Criminal Code of the Russian Federation, "Violation of privacy", the illegal collection or dissemination of information about private life, for example customer data, committed using an official position can be punished by a fine of 100 thousand rubles. Article 272 of the Criminal Code of the Russian Federation, "Illegal access to computer information", provides for a fine of 100 to 300 thousand rubles for illegal copying of computer information. The maximum punishment for both crimes can be restriction of liberty or imprisonment for up to four years.

In Russian judicial practice, there are still few precedents with serious penalties for data thieves. Most companies limit themselves to dismissing the employee and do not apply any serious sanctions. Document marking systems can contribute to the punishment of data thieves: the results of an investigation carried out with their help can be used in legal proceedings. Only a serious attitude on the part of companies to investigating leaks, and tougher punishment for such crimes, will help to turn the tide and cool the ardor of the thieves and buyers of information. Today, saving leaking documents is the job of ... the document owners themselves.

Source: habr.com