Have you heard about this Verizon mini-scandal that broke out in June, when the American international telecommunications conglomerate exposed data of 6 million customers? The most interesting thing about the incident is that it was caused not by a large-scale hacker attack or some sophisticated malware. No, the data was leaked due to a human fault – an employee who worked for one of the company’s vendors allowed external access to its cloud storage by mistake. Though the incident resulted only in short-time exposure of some personal information, since it was timely detected, it is yet more proof that corporate information security remains rather vulnerable to insiders.
There is more supporting data in a Global Data Leakage Report 2016 published by InfoWatch, which is a Kaspersky Lab’s subsidiary. It shows that 67% of leaks were caused by employees, while only about 30% were resulted from external intrusion. This means that your business is twice more likely to suffer from your own employees than from those long-rumored hackers.
You will be even more surprised to find out that according to the study, in most cases private data is compromised unintentionally (almost in 55% of the incidents) – but your employees’ ignorance offers cold comfort to you, especially when it comes to lost contracts or lawsuits, doesn’t it?
But how can they do this, both intentionally and accidentally? We can bet there are plenty of ways. You customer database, trade secrets and knowhow can be downloaded via portable devices, sent by e-mail or even shared through social media. In fact, most of leaks happen via a network, in particular through browsers and cloud storages, but removable media, e-mails and IMs have their share.
You just have to realize that each and every piece of corporate information can be stolen via PCs and mobile devices which are in excess supply in your office. The question is how can you protect your business and get off cheaply?
Actually, many entrepreneurs have already taken on board some kinds of software that allow them to monitor their employees’ desktops. One of them that deserved to be mentioned in an article published by The Washington Post is Work Examiner – an effective business tool helping to prevent and reveal leaks. It delivers employee monitoring software that can be secretly and remotely installed to desktops and then used for both work time tracking and leakage prevention. To this end, the client offers 5 effective and customizable tools available in the Standard and Professional options.
Work Examiner allows monitoring employees’ Web-surfing supplementing this with multiple statistics like website address, date of access, time spent on a site and actions made by a user.
How does it help?
In addition to browsing history, data on user behavior provided by Work Examiner includes online searches made by your employees via the most popular search engines. This helps detect suspicious behavior like searching for vacancies (meaning your employee is not quite happy with the current job and can quit taking some of your secrets with him/her) or a questionable visit (when a staff member visits your competitors’ websites – what for?).
Moreover, Work Examiner reports on files downloaded by desktop users, so that you can check the downloads – what if your employee downloaded some malware to allow access to the company’s sensitive data? There are also tools for blocking access to certain websites and configuring e-mail notifications that inform about a prohibited access attempt – among other things, this will help you understand whether employee’s behavior was accidental or intentional.
According to American Management Association study, in 2009 14% of employees owned up to sending confidential company information to third parties via e-mail. Are you sure that times have changed since then? Work Examiner offers an e-mail recording tool storing all massages sent and received via various services and protocols.
How does it help?
It saves all e-mail attributes along with the bodies and attachments, while adding the possibility of searching based on various parameters. If you suspect that your critical data got into the hands of the wrong people via e-mail, it will be easy to reveal the fact filtering messages by:
- time and date;
- employee’s name;
- e-mail address;
Checking Through Instant Messaging
Due to rapid development of online technologies, including instant messengers, the boundaries between business and personal communication of employees turns out to be dissolved. All it takes is one ill-considered comment published by an employee to leak information on a business-project to competitors or to destroy company’s reputation. You can prevent this type of leaks or at least mitigate the effects by using Work Examiner’s IM capturing tool.
How does it help?
It saves and reports on all messages shared through the hottest clients and protocols showing who, when and what:
- If you suspect an employee – check his/her messaging for a certain period;
- If an important business decision was made on a particular day – monitor all messages during the day;
- If you are concerned about the safety of important contract details – search through IM clients for specific keywords.
Spying on Keystroke
Work Examiner captures, saves and reports on each keystroke entered from a desktop under its surveillance regardless whether it was typed in a Word file, live chat or website. In addition to keystrokes, each report covers a user, PC, date/time, website/application name for faster search.
How does it help?
Obviously, this tool gives you a nice chance to check what was typed by your staff members in e-mails, chats and other communications channels which can also be used as leakage channels. But what is more important, you can capture passwords typed by your employees when they enter apps, files and accounts. The tool features allow:
- to identify all cases of typing critical words and phrases associated with your sensitive data that can be passed to third parties;
- to reveal all attempts of trying guesses for a password;
- to explore whether an employee received an unauthorized access to restricted information.
You can also configure the keylogging for specific apps, browsers, e-mail and messaging services to make the monitoring more effective.
Work Examiner shows screenshots from desktops in a real-time mode and can be configured to record them at regular intervals. The saved screenshots can be viewed as a slideshow and then exported to .jpg files, while customization of the screenshots frequency and programs to capture is available.
How does it help?
It is a fast and simple way to learn what your staff is doing at the moment (or was doing during the working hours), but it is also a helpful tool for revealing and proving any facts of corporate information theft. You can view the screenshots any time it is convenient to you searching by a suspicious date, user or channel. The high quality of imaged allows viewing the details for greater reliability.
Work Examiner provides an integrated solution with multiple productivity-improving features added that can be easily deployed and customized in accordance with your company’s needs. The effectiveness of such IT-solutions was proven by many surveys, while the cost of data loss is too high even for “small” leakages, amounting up to tens of thousands of dollars. So, why take chances?