Everyone does it: why employees are the main threat to corporate information security and how to deal with it

In just a couple of months, the small but very lively COVID-19 virus shook the global economy and changed the long-established rules of doing business. Now even the most devoted adherents of office work have had to move employees to remote work.

The nightmare of conservative managers has become reality: meetings over audio calls, constant correspondence in messengers, and no control!

The coronavirus has also activated two of the most dangerous threats to corporate security. The first is hackers who take advantage of companies' vulnerability during an emergency transition to remote work. The second is the companies' own employees. Let's try to figure out how and why employees can steal data and, most importantly, how to deal with it.

The perfect recipe for corporate diversion


According to researchers, in Russia in 2019 the number of registered leaks of classified information from commercial and government organizations increased by 40% compared to 2018. Hackers steal data in fewer than 20% of cases; the main violators are employees, who are responsible for approximately 70% of all leaks.



Employees may steal corporate information and clients' personal data intentionally, or compromise them by violating information security rules. In the first case, the data will most likely be sold, either on the black market or to competitors. Its price can vary from several hundred to hundreds of thousands of rubles, depending on its value. In the face of the impending crisis and in anticipation of a wave of layoffs, this scenario becomes quite real: panic, fear of the unknown and a desire to insure against job loss, combined with access to work information without strict office restrictions, add up to a ready-made recipe for a corporate leak.

What data is in demand on the market? "Entrepreneurial" employees of telecom operators offer a "number punching" service on forums: this way a buyer can get the owner's name, registration address and passport data. Employees of financial institutions also treat customer data as a "hot commodity."

In a corporate environment, employees pass customer databases, financial documents, research reports and projects to competitors. Almost all office workers have violated information security rules at least once, even if there was no malicious intent in their actions. One forgot to collect an accounting report or a strategic plan from the printer, another shared a password with a colleague who has a lower level of access to documents, a third sent friends photographs of the latest design, which had not yet been put on the market. Most departing employees take with them part of the company's intellectual property, which may constitute a trade secret.

How to find the source of leaks


Information leaves the company in several ways. Data is printed, copied to external media, sent by email or via instant messengers, photographed from a computer screen or from paper documents, and hidden in images, audio or video files using steganography. The last of these is the highest level of skill, so it is available only to very advanced thieves. The average office worker is unlikely to use this technology.

Security teams track the transfer of documents using DLP (data leak prevention) solutions; such systems control the movement of files and their contents. In case of suspicious actions, the system notifies the administrator and blocks the data transmission channels, for example the sending of emails.

Why, despite the effectiveness of DLP, does information continue to fall into the hands of attackers? Firstly, in conditions of remote work it is difficult to control all data exchange channels, especially if work tasks are performed on personal devices. Secondly, employees are aware of how such systems work and bypass them using smartphones: they take screenshots or photograph documents. In this case, it is almost impossible to prevent the leak. According to experts, about 20% of leaks occur precisely through photographs, and copies of especially valuable documents are transmitted this way in 90% of cases. The main task in this situation is to find the insider and prevent further illegal actions on their part.

The most effective way to find the culprit when data leaks through photographs is to use a system that protects documents by marking them in advance with a hidden visual mark. For example, the SafeCopy system creates a unique copy of a confidential document for each user. In the event of a leak, the discovered fragment makes it possible to determine accurately the owner of the copy, who most likely became the source of the leak.

Such a system should not only mark documents, but also be able to recognize the markings in order to identify the source of the leak. According to the experience of the Scientific Research Institute of Computer Science and Design, the source most often has to be determined from fragments of copies of documents, or from poor-quality copies on which it is sometimes difficult to make out the text. In such a situation, what matters most is the functionality of the system: the ability to determine the source from both electronic and printed copies of the document, or from a copy of any single paragraph of it. It is also important whether the system can work with low-resolution photographs taken, for example, at an angle.
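The marking and recognition steps described above can be illustrated with a toy scheme. This is an added example, not SafeCopy's algorithm, which the page does not describe: it assumes the mark is carried by inter-word gap width (one or two spaces standing in for visual spacing), derived per recipient from a secret key. The key, recipient names and document text are constructed.

```python
import hashlib
import hmac
import re

# Constructed sample data: the key, recipients and document text are invented.
KEY = b"example-marking-key"
USERS = ["ivanov", "petrova", "sidorov", "kuznetsova"]
DOC = ("The quarterly plan sets out pricing for the new product line and lists "
       "the suppliers, contract terms and launch dates agreed by the board; it "
       "must not leave the company before the public announcement next spring.")

def gap_bits(key, user, n):
    """Keyed pseudo-random bit per inter-word gap, different for every recipient."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hmac.new(key, f"{user}:{counter}".encode(), hashlib.sha256).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n]

def mark(text, key, user):
    """Build the recipient's copy: a 1 bit widens the gap after a word."""
    words = text.split()
    bits = gap_bits(key, user, len(words) - 1)
    return "".join(w + " " * (1 + b) for w, b in zip(words, bits)) + words[-1]

def identify(fragment, original, key, users):
    """Attribute a leaked fragment to the recipient whose gap pattern fits best."""
    frag_words = fragment.split()
    observed = [min(len(g), 2) - 1 for g in re.findall(r" +", fragment.strip())]
    orig_words = original.split()
    # Locate the fragment in the original, tolerating a few misread words.
    start = max(range(len(orig_words) - len(frag_words) + 1),
                key=lambda i: sum(a == b for a, b in zip(orig_words[i:], frag_words)))
    scores = {}
    for user in users:
        expected = gap_bits(key, user, len(orig_words) - 1)[start:start + len(observed)]
        scores[user] = sum(e == o for e, o in zip(expected, observed)) / len(observed)
    best = max(scores, key=scores.get)
    return best, scores[best], scores

def leaked_fragment(copy, first, last, misread=()):
    """Cut words first..last out of a copy and misread some gaps (simulated noise)."""
    tokens = re.split(r"( +)", copy)[2 * first:2 * last + 1]
    for g in misread:
        tokens[2 * g + 1] = " " if tokens[2 * g + 1] == "  " else "  "
    return "".join(tokens)

if __name__ == "__main__":
    frag = leaked_fragment(mark(DOC, KEY, "petrova"), 5, 30, misread=(3, 11))
    print(identify(frag, DOC, KEY, USERS)[:2])
```

Because attribution is a best-fit score rather than an exact match, a partial or noisy fragment still points to one recipient, while unrelated recipients score near 0.5.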

Besides finding the culprit, a hidden document-marking system also solves another problem: it has a psychological effect on employees. Knowing that documents are "tagged", employees are less likely to commit violations, because the copy of the document will itself point to the source of the leak.

How to punish for data leakage


In the US and European countries, no one is surprised by high-profile lawsuits brought by companies against current or former employees. Corporations actively protect their intellectual property, and violators receive substantial fines and even prison sentences.

In Russia, there are still not many opportunities to punish an employee who caused a leak, especially intentionally, but the affected company may try to bring the violator not only to administrative but also to criminal liability. Under Article 137 of the Criminal Code of the Russian Federation, "Violation of privacy", a fine of 100 thousand rubles may be imposed for the illegal collection or dissemination of information about private life, for example customer data, committed using an official position. Article 272 of the Criminal Code, "Unlawful access to computer information", provides for a fine of 100 to 300 thousand rubles for illegal copying of computer information. The maximum penalty for both crimes may be restriction of freedom or imprisonment for up to four years.

In Russian judicial practice, there are still few precedents with serious penalties for data thieves. Most companies limit themselves to dismissing the employee and do not apply any serious sanctions. Document-marking systems can contribute to the punishment of data thieves: the results of an investigation conducted with their help can be used in legal proceedings. Only a serious attitude on the part of companies towards leak investigations, and tougher punishment for such crimes, will help turn the tide and cool the ardor of those who steal and buy information. Today, rescuing leaking documents is the work of ... the owners of the documents themselves.
