• FREE RESOURCES
        • Accounts Payable
          Finally! The trick to securing greater T&E compliance
          Benefits
          Rooting out folks who don’t belong on your health plan: A 6-point dependent audit checklist
          IT
          3 costly misconceptions about biz email compromise
          Credit and Collections
          Collecting via email: 4 must-make moves in your subject line
          Accounts Payable
          5 Tough-to-spot signs that an invoice is fake
  • PREMIUM CONTENT
        • Staff management
          120 Proven Communications Tips for Today’s CFO
        • Payroll
          Handling Nonexempt Employee Pay: Stay Compliant and Avoid DOL Audits
          Accounts Payable
          T&E Best Practices: Complete Guide to Ensure Compliance
          Payroll
          Payroll Best Practices: 4 Ways to Save Time and Money
        • Staff management
          Email Best Practices: A 6-Question Quiz
          Staff management
          Innovative Communications Strategies: An Email Case Study
          Staff management
          A 5-part Framework for Successful Workplace Communications
        • SEE MORE
          PREMIUM RESOURCES
  • CORONAVIRUS RESOURCES
  • LOGIN
  • SIGN UP FREE

CFO Daily News

  • FREE RESOURCES
        • Accounts Payable
          Finally! The trick to securing greater T&E compliance
          Benefits
          Rooting out folks who don’t belong on your health plan: A 6-point dependent audit checklist
          IT
          3 costly misconceptions about biz email compromise
          Credit and Collections
          Collecting via email: 4 must-make moves in your subject line
          Accounts Payable
          5 Tough-to-spot signs that an invoice is fake
  • PREMIUM CONTENT
        • Staff management
          120 Proven Communications Tips for Today’s CFO
        • Payroll
          Handling Nonexempt Employee Pay: Stay Compliant and Avoid DOL Audits
          Accounts Payable
          T&E Best Practices: Complete Guide to Ensure Compliance
          Payroll
          Payroll Best Practices: 4 Ways to Save Time and Money
        • Staff management
          Email Best Practices: A 6-Question Quiz
          Staff management
          Innovative Communications Strategies: An Email Case Study
          Staff management
          A 5-part Framework for Successful Workplace Communications
        • SEE MORE
          PREMIUM RESOURCES
  • CORONAVIRUS RESOURCES
  • Accounts Payable
  • Credit and Collections
  • Payroll
  • Accounting
  • Benefits
  • Finance Technology
  • More
    • Employment Law
    • Strategy
    • Policy and Culture
    • Fraud
    • Payments and Transactions
    • Budgeting and Forecasting
    • Banking
    • Staff Management
    • Cost Control
    • Supply Chain
    • IT

50% of users walk out with data: 5 keys to stop them

Tim Gould
by Tim Gould
April 7, 2016
  • Accounting
  • Budgeting and Forecasting
3 minute read
  • SHARE ON

You know how dangerous a break-in to your database could be to your bottom line, so you’re always looking to protect yourself from outside attacks. That strategy could backfire.  

You may think none of your staffers have it in them to hijack your data or sabotage your operations.

But consider this: Research on malicious insiders by Symantec found 50% of employees admitted to taking confidential data when they left a job.

At risk from insiders

In other words, insiders stealing data is a much more common problem than many companies realize.

However, there are steps you can take now to prevent data theft and damage from malicious insiders down the road, according to Dawn Cappelli, VP of information risk management, and Susan Schmitt, VP of HR, from Rockwell Automation.

Creating effective programs

At the 2016 RSA Conference, the pair outlined steps from their own company that others can use to prevent data theft and sabotage.

There are five steps companies should take to create effective insider threat programs beyond just implementing auditing tools:

1. Form an insider threat team

Insider threat teams should include different departments, including HR, Legal, IT and management.

This can help IT pros implement safeguards that address warning signs of potential malicious insiders, and also factor in other considerations.

Monitoring users without context from other departments might turn up false positives, such as activity that looks malicious but is done for legitimate, business purposes.

2. Collaborate with HR

One of the most important steps for an effective insider threat program is collaborating with HR.

Research Cappelli helped conduct shows that 50% of insiders steal data and intellectual property within 30 days of leaving a company.

So IT’s best bet for preventing insider damage is to have HR inform techs in advance when users are leaving the company.

That way, IT can look out for suspicious activity and get a jump on auditing computers for missing data.

3. Train managers to share red flags

Malicious insiders planning to conduct sabotage often show warning signs, like antisocial behavior, fighting with co-workers or showing frustration about changes, says Schmitt.

Managers should be trained to watch for warning signs of disgruntled users and share the info with HR and IT, especially if the users have access to important data.

4. Create an anti-theft document

Your legal team can assist insider threat programs by helping to create an anti-theft document for users
to sign, saying that no copies of confidential data have been made when they left the company. This creates a legally-binding agreement that can help companies take further action if a malicious insider slips through.

5. Be transparent and consistent

It’s also a good idea for companies to be up front with users about insider threat programs, although you don’t have to give specifics about everything the program entails.

Just knowing IT is watching can discourage some would-be saboteurs.

Schmitt notes that even seemingly innocent users can conduct data theft, making it key that IT is consistent with auditing former users’ devices.

Cite: “They’re people – not data! The Human Side of Insider Cyberthreats,” presented by Dawn Cappelli and Susan Schmitt at the 2016 RSA Conference in San Francisco

Keep Up To Date with the Latest Finance News

With CFO Daily News arriving in your inbox, you will never miss critical stories on accounting, benefits, payroll & employment law strategies.

Sign up for a free CFO Daily News membership and get our newsletter!
  • This field is for validation purposes and should be left unchanged.
CFO Daily News Logo
  • ABOUT CFO DAILY NEWS
  • ADVERTISE WITH US
  • WRITE FOR US
  • CONTACT
  • Accounting
  • Benefits
  • Payroll
  • Policy and Culture
  • Employment Law
  • Fraud
  • Finance Technology
  • Accounts Payable
  • Credit and Collections
  • Strategy
  • Payments and Transactions
  • Budgeting and Forecasting
  • Banking
  • Staff Management
  • Cost Control
  • Supply Chain
  • IT

CFO Daily News, part of the SuccessFuel Network, provides the latest Finance and employment law news for Finance professionals in the trenches of small-to-medium-sized businesses. Rather than simply regurgitating the day’s headlines, CFO Daily News delivers actionable insights, helping Finance execs understand what Finance trends mean to their business.

Privacy Policy Terms of Service
Copyright © 2021 SuccessFuel

WELCOME BACK!

Enter your username and password below to log in

Forget Your Username or Password?

Reset Password

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.

Log In

preloader