A ticking time bomb of sorts is hidden away in the cubicles and workstations of many businesses. When it goes off, the personal financial information of customers and workers could be laid bare. So can sensitive corporate data.
The potential for both accidental and deliberate breaches of personal information and intellectual property by workers is a growing concern for corporate executives. Sometimes employees just get careless or do not know all that they should about data security. Other times, the breaches are intentional, perpetrated by disgruntled workers.
Data security products spearheaded by regulatory compliance dictates help IT managers monitor outgoing e-mail 
and block sensitive data they contain. Other data security products encrypt designated data types to protect against loss if the data is stolen.
New security software systems are helping corporate executives monitor and prevent insider data breaches. Insider data breaching occurs when an employee steals sensitive -- often personal -- financial and corporate information.
Knowing the telltale signs of insider breacher behavior is a necessary first step in catching a data breach before it happens.
"People need to be attentive on all levels. If managers don't watch their workers' behavior, they will miss the clues," Dan Sarel, vice president of product management at Sentrigo, told TechNewsWorld. Sentrigo is a database security software company.
Inside Jobs
A Carnegie Mellon University report last year estimated the number of breach incidents caused by insiders is increasing by 3 to 5 percent annually. The figures apply to companies of any size. However, because many insider attacks go unreported and many companies do not know they are happening, more definitive figures are not available.
Also last year, a CSI/FBI security survey disclosed that insiders are responsible for more than 70 percent of network abuse. This figure, however, is based on only the number of insiders who were caught.
U.S. organizations lose about six percent of their annual revenue to insider fraud, according to a report issued last September by the Association of Certified Fraud Examiners and Ernst & Young's Global Security Survey.
Insider theft poses a unique problem to security chiefs. Existing endpoint security systems have no effect because there is no intrusion to prevent. The data thief does not have to get inside. He or she already has legitimate access to the data stored on the corporate network.
Plugging Potential Leaks
Like several other software security solutions available, Vericept's data loss prevention product monitors access to databases and other files stored on corporate networks. The software enforces policies set by the company tailored to its type of sensitive data.
"Most employees try to do the right thing but don't always know about all the components of the database. By receiving a notification from our software, the employee actually learns about the error," Paul Pillotte, senior product manager at Vericept, told TechNewsWorld.
Vericpet's system prevents data breaches by encrypting or blocking the sensitive information at the point the employee attempts to send it, he said. It also places a monitoring client on corporate laptops so mobile workers can not send out unauthorized data.
The security software's enforcement policy allows a worker to open a document but not save it anywhere.
In essence, Vericept does not block access to USB 
drives. Instead, it allows full use of the USB storage
for non-sensitive data.
The software sends alerts of the potential breach to the employee. Rules allow for either blocking the release or allowing the action with a justification for the action recorded so when monitoring occurs there is an explanation, explained Pillotte.
To Catch a Thief
From Pillotte's view, the bigger problem is stopping accidental data breaches. Sometimes mistakes happen and employees send sensitive information without knowing it.
For example, a person in the human resources department could e-mail a client or a contractor a spreadsheet with specific information, not knowing that there is a tab with 100 social security numbers included, he explained.
"We find that deliberate data breaches are a much smaller part of the problem, but the damage done when privacy is unknowingly violated by workers is much greater," Pillotte said.
Not all security experts agree, however. Corporate databases are far too tempting for some workers to resist, asserted Sentrigo's Sarel.
"We see databases as the prime target for data breaches within a company. It is the crown jewel. Databases are so huge that it is easy to move data around unnoticed," he said.
To ensure the safety of sensitive data, company officials must be proactive in monitoring all their employees.
Telltale Signs
"The answer [to preventing insider data breaches] is not only in IT. Coworkers and managers at all levels can see warning signs. The goal is to catch a potential insider breacher early enough to prevent further progress," said Sarel.
One key sign is the office worker who never takes vacations. It is widely known that people who do data breaches do not take vacations, he explained. Taking off for a few days and leaving their desk unguarded would leave a window open for someone to discover their illicit activities.
Supervisors also should be aware of sudden escalations in a worker's network privileges. A big warning sign is when a worker requests additional access for a document not normally needed, Sarel said.
Many breach methods are technology based. However, insider data breachers also use social engineering techniques on their coworkers and supervisors to gain passwords or additional access rights, he added.
Guarding the Database
In normal circumstances, a database should only be accessed by one or two applications. The IT staff should monitor for any deviation. The use of unusual programs within a database is a big warning sign, explained Sarel.
Until an actual breach occurs, theives have to do lots of preliminary work. They have to scout out the database and learn what they can do. Usually, a breach is not a one-time event. It requires quite a lot of casing and prep work, he explained.
"There are lots of tools to block privilege escalation. IT security needs to look every few days for changes that could indicate tampering in preparation for a breach. This depends on the degree IT is willing to spy on workers," Sarel noted.
Forceful Figures
Learning the details from reports on insider breaches is useful, but companies still have to use technical support, Paul Henry, vice president of technology evangelism at Secure Computing, told TechNewsWorld.
According to the CSI/FBI security survey, 86 percent of data breachers discovered on the job worked in technical positions, and 38 percent had jobs as system administrators.
"This is why companies need technical support to monitor for breaching attempts," Henry said.
Other disclosures from government reports on insider data breaches revealed that 80 percent of insider
theives showed negative behavior before committing a breach. Nintey-two percent had negative work evaluations. Fifty-nine percent were former employees or contractors, he said.
Talkback: 
