January 2009

The very process of downsizing to reduce your company’s financial burden can create the opposite impact on your business if you experience a data breach. These are not normal times and as the economy worsens and employees begin to hear of layoffs, they tend to react in ways you never thought possible. Be prepared to see behavior you wouldn’t normally see. This means you need to know where your critical data resides and who has access to it.

Researchers have reported that we are seeing more insider activity, such as sabotage, espionage, and theft, motivated by economic fear. Keep in mind that motivation plus opportunity equals risk. Imagine what Countrywide went through in their follow-up discovery that revealed an insider stole and distributed over two million identities. This happened because one computer’s USB port hadn’t been disabled by the company’s IT department.

Employees have more knowledge of critical business information than outside hackers and they will take advantage of it if they know they are about to be let go. Whether their actions are for revenge or personal gain, know your company is at significant risk and have your controls in place to monitor who is accessing your data and where that information is going.

Be prepared to cut off user names, passwords, and remote access. And if the person was in IT and had administration rights, speed is of the essence. Put measures in place to validate the security of your data to ensure the user cannot get back into your systems. With all that said, if the employee feels they will be laid off, your information might already be gone.

In the event you feel you’re at risk, do you have incident response and forensics plans in place? Think of it this way: If you have flammable objects on-site, you better have the number of the closest fire station on speed dial to save your assets from getting burned. Quick actions are also critical when it comes to unauthorized intrusions. Have a company ready to engage, like NCX Group, to determine the point of entry, how the attack occurred, and what information the attacker gained access to. The better prepared your organization is to respond, the better chance it will have to minimize the damage.

We have clearly seen an increase in forensics engagements and it’s unlikely they will subside soon. NCX Group welcomes the opportunity to help you discover the vulnerabilities within your systems and plan for the contingencies brought on by the reality of today’s
economy.

Please visit our web site at www.ncxgroup.com to learn more about our Incident Response and Computer Forensics area of practice.

For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.