Ari Baranoff | Managing Partner & Founder at BlueCoat – Corporate Investigative Solutions

With the increased number of remote staff, the role of “gatekeeper” and the need to monitor for unusual patterns within the workforce are paramount. For small and mid-size businesses, the stakes are high and the necessary controls are often anemic.

Case Study: “The Fast-Tracked New Hire”

“Tami” was recently fast-tracked to fulfill an immediate need within a company’s corporate strategy organization. The recruiter recommended Tami because her resume listed similar duties over the past several years at comparable businesses. Verification of prior employment was geographically challenging, as Tami had recently returned from overseas. A basic background check was completed but did not include any counterintelligence or out-of-country due diligence.

Upon arrival, Tami was provided a company laptop and, due to COVID-19, worked from home. From the beginning, Tami demonstrated tremendous capacity for taking on time-consuming and complex assignments. After a short time, Tami suggested to her supervisor that she head up a new project with the first-line risk team to expedite escalations of fraud detection in the accounts belonging to the company’s C-Suite members. Tami requested access to both client data and the transaction monitoring system for all consumers. In addition, Tami requested to handle this project during the evening hours and weekends, since other job duties were filling most of her day. Although the project was outside of Tami’s area of responsibility, the manager saw tremendous value and approved Tami’s project plan. He subsequently provided her the access and entitlements needed to complete the assignment. Armed with system access, Tami viewed and recorded account data, transactional history, personally identifiable information and other valuable details on the company’s senior executives, their family members and other targets of interest. Considering her mature and exceptional performance, the manager did not audit Tami’s access and use of these systems.

Approximately six months later, Tami announced her departure from the company for a “better opportunity.” The night before exiting, Tami copied and then uploaded all of her work files, inclusive of the above, to an external personal cloud storage application.

Notable Takeaways

  1. The company should have restricted the access and entitlements of newly hired staff until after evaluating a full period of performance, and should have limited privileges following the announcement of an impending departure.
  2. Work-from-home hours vary, especially for those balancing family and other responsibilities. In this scenario, however, the employee’s hours coupled with the other requests are a concern. The majority of your workforce will eventually fall into a typical pattern that is identifiable. Once established, look for the anomalies – they could present a red flag in terms of an external threat or insider abuse, where the employee assumes management is “off duty.”
  3. The lack of controls regarding the movement of sensitive information off site, even if detected, is problematic. For some companies, the use of cloud solutions, such as Google Drive, presents a unique challenge in terms of preventing this transmission when it is to a personal cloud storage account. Once data leaves your secure environment, it is impossible to fully ensure recovery.
  4. The type of data acquired, now collated in a single central location, provides an opportunity for insider fraud. In addition, the “pattern of life” that presents within the information collected may be of use to a nation state.
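
Takeaways 1 and 2 expressed as detection logic, as an added example that is not part of the original article: it builds a per-user profile of (weekend, hour-of-day) activity and flags sensitive-system access that falls outside that profile or follows a departure announcement. The log format, system names, user name and the 2% threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Assumed names for the sensitive systems in the case study (hypothetical).
SENSITIVE = {"client_data", "txn_monitoring"}

# Constructed sample logs: (user, ISO timestamp, system).
# Baseline: one week of weekday activity, 09:00-16:00 (2020-06-01 is a Monday).
BASELINE = [("tami", f"2020-06-{d:02d}T{h:02d}:00", "email")
            for d in range(1, 6) for h in range(9, 17)]
REVIEW = [
    ("tami", "2020-06-08T10:30", "client_data"),     # Monday, usual hours
    ("tami", "2020-06-09T23:10", "txn_monitoring"),  # Tuesday, late night
    ("tami", "2020-06-09T23:40", "email"),           # late, but not sensitive
    ("tami", "2020-06-13T14:00", "client_data"),     # Saturday
]

def bucket(ts):
    """Map a timestamp to (is_weekend, hour_of_day)."""
    when = datetime.fromisoformat(ts)
    return (when.weekday() >= 5, when.hour)

def hour_profile(events):
    """Per-user share of activity falling in each (is_weekend, hour) bucket."""
    counts = defaultdict(Counter)
    for user, ts, _system in events:
        counts[user][bucket(ts)] += 1
    return {u: {b: n / sum(c.values()) for b, n in c.items()}
            for u, c in counts.items()}

def flag_anomalies(baseline, review, departing=frozenset(), min_share=0.02):
    """Return (user, ts, system, reasons) for sensitive access worth a look."""
    profile = hour_profile(baseline)
    alerts = []
    for user, ts, system in review:
        if system not in SENSITIVE:
            continue
        reasons = []
        # A user with no baseline (e.g. a new hire) has share 0.0 everywhere.
        if profile.get(user, {}).get(bucket(ts), 0.0) < min_share:
            reasons.append("off-pattern hours")
        if user in departing:
            reasons.append("departure announced")
        if reasons:
            alerts.append((user, ts, system, reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_anomalies(BASELINE, REVIEW, departing={"tami"}):
        print(alert)
```

An alert here is a prompt for a manager or analyst to review the access, not a finding of wrongdoing; legitimate schedule changes will also surface.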

Stick with the Fundamentals:

There is no one-size-fits-all system that captures and protects you against all insider threats. In addition to having good policies to protect what’s important, truly get to know your employees. When onboarding new staff, heavily scrutinize their requests to access proprietary and sensitive data. Having a constant temperature read of your staff allows you to recognize when things just “seem off” or when a tripwire advises you to probe further. The sudden and likely future expansion in work from home provides additional opportunities for both external cyber threat actors and internal employee wrongdoing. Look for the warning signs and connect the dots – patterns may emerge that necessitate follow-up.

In a world of unprecedented change and disruption, certainty and resilience can be hard to find. Trust BlueCoat as your expert resource for employee wrongdoing concerns and establishing workforce risk programs. Stay focused on your business and mission; let us handle the distractions.