95% of Employees Steal from their Employers

A survey conducted by Forensic Accounting Firm Kessler found that employees are more likely to steal from their employer than their customers. The survey of over 500 anonymous employees found that the theft not only includes office supplies, equipment and company products but more importantly stolen time and the theft and even sale of corporate secrets. According to the report, “The startling uptick in theft was attributed to several factors including employee increased misuse of company computers and smartphones.”

How much time are your employee’s stealing?

Almost 1 in 3 employees admitted to ‘falsifying time records’. But nearly 80% of those surveyed admitted to using company computers and phones for some sort of personal activity while at work. While employers think this type of activity is done in small chunks of time, these minutes add up and may result in hundreds of hours of lost productivity and time for a company over the course of a year. The arrival of social media in the workplace has further encouraged the theft of time by employees. Over 60% of those surveyed by Kessler admitted to having checked their Facebook, Twitter or other social media during work hours.

Can Corporate Intelligence theft drive you out of business?

Another surprising finding was that 18% of survey respondents admitted to having stolen corporate intelligence from previous and current employers. This included everything from client lists to proprietary intellectual property and knowledge used in the course of business. Although less prevalent than any other theft in the survey, this finding clearly can be one of the most damaging to employers. According to a 2007 study by the National Data Awareness Project, 70 percent of companies go out of business after a major data loss.

Awareness Technologies’ InterGuard Suite is a complete internal threat protection solution that includes modules for Data Loss Prevention so you can prevent your corporate intelligence from being stolen; Employee Monitoring and Web Filtering so you can stop Internet abuse and end lost productivity; Laptop Recovery so you can locate company laptops that may have been stolen or lost and delete sensitive data; and MobileMonitor to extend InterGuard’s protection to employer owned smartphones and tablet devices.

First off, what is Data Loss Prevention?

• Data loss prevention—also known as data leakage protection—helps ensure that customer information, personal employee information, and research and development (R&D) data remains safe and secure within your organization.
• Data loss prevention solutions and industry leading data loss prevention software will strategically protect your most important data and proprietary information that if lost could cost your company significantly.

See how our DLP solution can help strengthen your IT Security and overall business strategy with a test drive of our service.

How Will Data Loss Prevention Solutions Help My Business?

• The InterGuard, Data Loss Prevention (DLP) is a software tool that will provide your company with a focused security approach that will help your organization protect all sensitive data. Once you’ve identified your most critical data and its location on the network, you will be able to monitor:

• Who is accessing and who is using it
• Where it is being sent, copied or transmitted
• The resulting tracking information allows organizations to manage sensitive data more confidently. This not only prevents against data loss but also flags any data being handled in a way that deviates from your company’s established security policies.

How Can I Help My Business Implement Data Loss Prevention (DLP) Solutions?

• Identify your most sensitive data-not all data requires DLP strategies
• Determine how sensitive data is currently being used and who needs to have access to it
• Match DLP enforcement to your security policy to ensure compliance
• What Comprises a Data Loss Prevention Solution?

An effective data loss prevention solution consists of a mix of the following components:

• Encryption

Encryption describes an algorithm used to jumble data in transit or stored on devices rendering it useless for those attempting to access without an encryption key. Encryption prevents lost or stolen data from being viewed or used by non-authorized individuals.

Encryption can be used with a wide array of devices including desktops, laptops, networked systems, mobile devices, removable media and storage devices.

• Data Leakage Products
  Data leakage products help monitor, manage and protect data to minimize the risks of data loss and ensure compliance with security policies. These tools help classify data and monitor, report, or restrict data from being printed, e-mailed, or copied. Data is protected regardless of where the data resides even if the file type is changed.

• Getting Started with Data Loss Prevention
• An initial discovery session to understand your goals, requirements and budget
• An assessment review of your existing environment and definition of project requirements
• Detailed vendor evaluations, recommendations, future design and proof of concept
• Procurement, configuration and deployment of the final solution
• Ongoing product lifecycle support

The risk of an employee leaving their smartphone behind at a meeting, restaurant or bar and having it fall into the wrong hands is far greater than an employee downloading malware onto their device, said Vikram Thakur, Symantec’s principle security response manager.

While malicious activity on mobile devices is rising, all the known cybercriminal monetization schemes on smartphones fail to reach the revenue achievable in Windows, Thakur said in an interview with SearchSecurity.com. The potential still exists for a sustained and exponential increase in mobile device attacks, but it will likely take years before cybercriminals flock from the desktop to mobile devices, he said. New payment technologies, such as near field communications (NFC), which can turn any smartphone into a virtual credit card, may make attackers take a closer look at mobile platforms, Thakur said.

“There is a lot more real estate that the desktop malware authors have at their disposal, so the desktop will remain the most lucrative for years to come,” Thakur said.

Security experts are quick to caution businesses from ignoring the future risks that smartphones pose to corporate data leakage. The attack surface is much greater on mobile devices and there are far fewer security controls, said Chris Wysopal.

SearchSecurity.com spoke to several experts about the top five mobile phone security threats for 2012.

Here’s what they had to say:

1. Geolocation madness

2. Excessive permissions

3. Mobile application vulnerabilities

4. Unsecure Wi-Fi

5. Lost and stolen device

Be sure to protect your desktops and mobile devices with the InterGuard.

InterGuard defends your business from all insider threats. Deployed at the endpoint, clients can access 5 technologies including Data Loss Prevention, Web Filtering, Employee Monitoring, Laptop Recovery, and Mobile Smartphone Monitoring all through one agent download and one User Interface. It’s offered as both a complete suite and as five individual modules to help your organization protect its proprietary data and important customer information.

IBM‘s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the number of such attack code released in the past 12 months. Gartner argues that by 2014, 80 percent of mobile professionals will use at least two personal devices to access corporate systems and data.

Thus, it is absolutely critical for companies to have stricter internet usage policies and stronger IT Security protection on their mobile devices. The InterGuard solution provides employers with the ability to do just that and allows for employers to monitor cell phone messages and know what’s leaving their organization. Check out more information on InterGuard Mobile Monitor.

Five Essential  Mobile Security Tips To Follow

1. Lock the device. Lost and stolen devices continue to be the most serious threat for businesses and consumers.

2. Avoid questionable apps

3. Accept the patches. Similar to PCs, mobile phones need to be patched often to eliminate vulnerabilities found since the phone’s release. The good news is that unlike security vulnerabilities in Android, which can take time to make their way to the phone, updates are done over the air. Users should always accept the updates, says Kevin Mahaffey, chief technology officer for mobile security firm Lookout

4. Back up your data. Mobile devices are easy to back up, a characteristic users should make the most of. Users who back up regularly are less likely to lose data even if their company has a strict auto-destruct policy for lost or stolen phones, says Zscaler’s Sutton.

5. Stay safely behind bars. Finally, though some compelling reasons exist for consumers to jailbreak their phones, security experts advise users to just say no.

1. Start by monitoring the organization
2. Then create “report only” policies to watch for efficacy—clean them up if necessary. Only then put very clean policies into enforcement mode while leaving “iffier” ones in report only mode.
3. Determine which departments have access to confidential data
4. Always use least complicated policies to accomplish objectives
5. Blocking by file type if possible (no one in accounting should ever have to copy CAD files to USB)
6. Use combinations of things to reduce false positives. (State and SSN instead of SSN).
7. Use “report only” for more ambitious policies that are more likely to trigger false positives (SSN only).
8. Block things if possible instead of relying on content aware DLP (Block access to personal webmail and USB for those departments that don’t need it.
9. If a particular person tends to generate a lot of false positives, but the group they are in does not, simply modify the policies for that individual by putting them in their own group instead of modifying for all.
10. Create policies to scan “Data at Rest” for information that should not be kept on hard drives in an unencrypted state. These policies will alert administrators to any confidential data that is encountered on any hard drives of all computers in the organization where the software is installed regardless of whether the computers are on or off of the corporate network.

First, and foremost a computer monitoring software like InterGuard with its Data Loss Prevention DLP solution will help to prevent insiders from leaking proprietary data for your organization.

• Put a lock on the door by installing a firewall and make sure it is properly configured and up to date
• Keep your operating system and browser patched and up to date
• Install an alarm by using industry standard anti-virus software and make sure you install any updates. Malware infecting your computer can be an avenue for hackers to gain access to your personal data.
• Restrict key holders by not sharing your password with anyone. PCs allow you to create user accounts for a reason!
• Change your password regularly and make it hard to crack – but one you can remember without writing it on a post-it-note and sticking it to the screen!
• If you change your PC make sure you get the hard drive scrubbed. It’s amazing what criminals can pick up on EBay
• Be careful about the personal information you divulge when filling in registration forms. Ask yourself whether the organization really needs that much information about you and, as importantly, can you trust them to keep it safe? They’ll tell you how they intend to use the information but don’t be afraid to ask how they’re going to protect it to.
• Be careful what you tell strangers on social websites and in chat rooms.
• Question the validity of emails you receive and never click on an embedded link or down load attachments if you’re at all suspicious. Most banks will tell you how they will contact you and what they won’t ask you to do. If in doubt call the organization the communication is supposed to have been sent by to allay your fears or confirm your suspicion

     “Gartner claims that 70% of all vulnerabilities are at the Web application layer.” According to an article from Network World “the majority of attacks today, including the Sony PlayStation attack, involve some form of Web application vulnerability. But an application-related data breach is not just a one-time, isolated event. The actual breach is only one stage of the attack” thus, it is an absolute imperative today to protect your proprietary data from an onslaught of deleterious acts. InterGuard software offers a Data Loss Prevention (DLP) module that will keep your data from leaking out.

PC World reports: “Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.”

The New York Times reports: “60 percent of the respondents said they identified the source of the attack and perhaps not surprisingly, 34 percent were traced back to China and 19 percent to Russia.”

A couple quick facts from the report (pdf):

— The cost of an attack can be significant: “When asked to consider cash outlays, internal labor, overhead, revenue losses and other expenses related to the security breach, 41 percent of respondents report that it was $500,000 or more”

— “As a result of these multiple breaches, more than one-third (34 percent) of respondents say they have low confidence in the ability of their organization’s IT infrastructure to prevent a network security breach.

     “The laptop was one of 20 that have gone missing from a store room at London Health Programmes, based at the NHS North Central London health authority. According to the report eight have been recovered with the search ongoing for the other 12. The loss occurred three weeks ago but has only just been reported to the police, according to the Sun report.”

     Recent research has shown that laptop theft is now judged by CTOs to be the highest risk area for the loss of valuable company data. There are many partial solutions, including encryption and mapping data on laptops. None can restore lost data to its rightful owner.

     According to the Sun report, “One of the missing laptops contained sensitive details of 8.63 million people as well as records of 18 million hospital visits, operations and procedures….Information contained on the laptop was not encrypted, which Nick Lowe of security firm Check Point described as “essential” to safeguard personal records.”

     Recent high-profile data breaches and the theft of portable devices results in careless loss of important proprietary data and theft of exclusive information from large corporations. How do you guard the élan vital of your organization? The first step is better understanding where your company’s sensitive data lives, and from there you should take the necessary steps to lock and protect it with the InterGuard Data Loss Prevention, DLP solution, and the InterGuard Laptop Cop protection.

      “When a machine contains highly sensitive information on literally millions of patients, not securing the data on it by any means possible isn’t just careless: its sheer negligence. With the value of the data on such a machine in the tens of thousands of pounds, spending a little extra on security should be a no-brainer.”

     As more and more of our critical information becomes digital and heads toward the clouds it is an absolute now to have the proper protection and IT security measures in place to prevent these types of situations form happening.

     Time wasted at work is becoming a major issue for employers ranging from small-to-medium business all the way to the Fortune 500 companies. This delinquent behavior poses a challenge for employers especially at a time when meeting demand is absolutely critical for today’s success.

     The average employee wastes between 30% and 40% of their day surfing the Internet for personal/non-work related purposes. This is time spent updating a status on either Facebook, Twitter or other social-networking platforms, playing games, shopping, etc.

     Consequently, security threats abound as a result of these diversions. Using open source websites and software downloads can typically create a breeding ground for the download of malicious code and viruses. These types of activities can lead to the accidental or intentional access to, or the distribution of proprietary company data, which can put your company at risk.

     Employers now have the opportunity to block and monitor specific websites. Employee monitoring and data loss prevention solutions increase productivity by eliminating or blocking employees from playing games, shopping, or just surfing on the internet at work and securing the proprietary data housed on a network or PC.

 Quick Facts:
• Salary.com, Inc. released the results of its 2007 Wasting Time Survey revealing that the average employee wastes 1.7 hours of a typical 8.5 hour work day. These stats are based off their 2000 employee survey.
• As in previous years, personal Internet use (34.7% of respondents), socializing with co-workers (20.3%) and conducting personal business (17.0%) remain the leading time-wasting activities.
• While many employees admit to wasting time because they “don’t have enough work to do” (17.7%), the second most popular, and somewhat contradictory, response is “my hours are too long” (13.9%). Employees also cite being underpaid (11.8%) and a lack of challenging work (11.1%) as reasons for slacking on the job.
• Over 63 percent of respondents admitted to wasting time at work.
• Younger workers waste more time than their older counterparts. Employees between 20-29 years old reported the highest total—2.1 hours per day. The average for 30-39 year olds drops to 1.9 hours and ages 40-49 report wasting just 1.4 hours per day.

Insider threats as well as outsider threat culprits are increasingly becoming more innovative and inventive in finding ways to steal valuable property and proprietary data from companies who are at great risk without the appropriate endpoint security. Fortunately, there are ways that you can protect yourself and your belongings should you find yourself involved in a theft situation. Listed below are just a few of the recommended steps you should take before leaving the house with a smartphone or laptop.

1. Be prepared
2. Buy a laptop security device like Laptop Cop
3. Avoid conspicuity
4. Avoid using computer bags
5. Never leave items unattended
6. Never leave access numbers or passwords in your carrying case
7. Keep your items concealed
8.  Encrypt your data
9. Keep your eye on your laptop
10. Avoid setting your laptop on the floor
11. Use a screen guard