
	Home > Ask the Security Experts > Security Management Questions & Answers > I am concerned that a former employee will utilize corporate information in a malicious way.

Ask The Security Expert: Questions & Answers

EMAIL THIS

I am concerned that a former employee will utilize corporate information in a malicious way.

EXPERT RESPONSE FROM: Mike Rothman

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 19 May 2008
I am concerned that a former employee will utilize corporate information that he had access to while employed with us in a malicious way. He has turned over his company laptop and an external hard drive. Is there a way to document what has been done with files, or if files have been copied.

EXPERT RESPONSE
Unless a corporation has implemented a client-side data leak prevention (DLP) product, then there is little that can be done to discern how the files were previously used. The former employee could have copied the files to another device, printed out the records or done all sorts of other things to steal the data. If the organization had detailed logging turned on, then perhaps it could figure out which files were used and when, but lacking that technology, the organization is essentially looking for a needle in a haystack.

In this scenario, an enterprise's options are more passive in nature. If there is something/someone that the organization ise specifically worried about, then it needs to keep a sharp eye on the situation. For example, if the employee was working on a large bid or a specific project for a customer and his/her new firm shows up in the bidding for that contract, it can be assumed the employee was using that corporate data to get an edge. In many cases (but not always), this would be against the law. To be clear, it's hard to prove this kind of data theft in a court of law.

Taking the scenario a step further, the enterprise could preemptively sue the employee -- and the new employer -- alleging misappropriation of trade secrets. But again, without any firm or substantiated proof, it's unlikely the case would stand up in court.

More information:

Learn about implementable policies to keep employees from leaking corporate information.
How well do information leak prevention products really work? Read the security expert's response.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	What is the GISP certification and how does it compare to the CISSP certification?
	Would QSAs normally write up a PCI DSS report on compliance (ROC) and submit it to all issuing card brands?
	How can gap analysis be applied to the security system development life cycle?
	When should an enterprise consider low-cost security appliances vs. a bigger do-everything appliance?
	What are some tips on protecting my security budget in a tight economy?
	What value do research firms provide to enterprises that subscribe to their services?
	What certificate offers the best ROI for an IT project manager?
	Which is the biggest threat to data: Insider activity or outsider activity?
	What role does information security play in enterprise fraud-prevention activities?
	What is the difference between an SAS 70 data center and a Tier III data center?

Insider Threats

Express Scripts offers reward in hacker extortion case

Societe Generale bolsters internal controls, discovers second insider

Information security book excerpts and reviews

Security pros focused on internal threat, training

Reasearch on Coding Backdoors Presents Ugly Picture

Deloitte survey finds overconfidence, lack of planning on security

Data loss prevention from the inside out

Insider dangers

Survey finds access control problems at many firms

Societe Generale: A cautionary tale of insider threats

Creating a Security Culture

IT security pros focus on internal threats during tough economy

Security policy being bypassed by employees, survey finds

IT security pros face challenge during economic crisis

What are some tips on protecting my security budget in a tight economy?

How to get information security buy-in from the executive team

Which is the biggest threat to data: Insider activity or outsider activity?

Sound compliance policies, practices reduce legal costs

Can home PCs provide a way for viruses and spyware to enter a corporate LAN?

Unified communications trigger data leakage dangers, survey finds

What are the top five concepts or lessons on security management?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

insider threat (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy