Tue, Oct 8, 2013

More People "In the Know" Spells Big Cyber Troubles

Knowledge is the fuel that drives much in today’s global economies – from industrial formulas and know-how, to science pushing both nano and stellar frontiers, to the specialized expertise of diverse professional services firms for virtually every human endeavor.

For many companies, success in a number of areas hinges on continually expanding and sharing that knowledge within the enterprise, not to mention employing the most efficient ways to facilitate that sharing. However, this does not bode well when it comes to cyber security. In Kroll’s experience assisting clients across diverse industries, the greatest threat to an organization’s cyber security is the insider.

As companies allow their people to be “in the know,” with access to intellectual property (IP), confidential information and client-specific data, they inherently leave themselves open to theft by these same insiders. While the threat is pervasive, Kroll has found that companies are most vulnerable in three particular areas.

1. H1B visa workers: When they go back, what will they take with them?

In the pursuit for technically trained professionals to work on their projects, many organizations turn to non-citizen workers on H1B visas to fill knowledge gaps in their employee workforce. The practice is well-established in the industrial and technology sectors, which often derive the added benefit of an outsider’s culturally different perspective. Visas are for a finite duration, however, and companies must be prepared for two eventualities: When workers return to their native countries, what might they take with them? And if they do, what practical recourse does an employer really have? If companies perform any background checks on these workers, and we find that many do not, checks are often limited in scope to educational verifications. Compounding the problem is that customary legal instruments and remedies that can be enforced domestically, such as nondisclosure and non-compete agreements, are effectively meaningless once a worker has returned to his or her native land. If litigation is even a possibility, it is sure to be a protracted and expensive fight, with no guarantees that damages can actually be collected.

2. Independent contractors and temps: Here today, gone tomorrow with your IP?

Like their H1B visa worker counterparts, independent contractors and temporary employees are increasingly being used by companies for strategic staffing purposes. Whether a company needs to supplement a short-term need for expertise or deal with fluctuating business volumes, the use of these workers has delivered both operational and financial efficiencies. Once again, however, a company should be prepared for a two-fold risk.

First, contractors and temps must often be exposed to valuable business information and given access to company systems. Second, and a much more difficult and thorny dilemma to contend with, is that an independent contractor’s most valuable competitive advantage is the knowledge and experience that he or she is able to bring to a client. The ability to rely on and access data or processes that were developed on a previous engagement may prove the deciding factor in landing a new client.

Which brings up another similarity with H1B workers – all these workers usually know exactly when an engagement or project will be over. Impending stressors, e.g., the loss of a job, have long been recognized as triggers for both physical and cyber thefts. It’s not surprising, then, why these categories of workers can be problematic elements in any cyber security equation.

3. Remote employees: What’s accessed at home stays at home?

Technological advancements in both software and hardware have vastly multiplied how and where employees can carry out their responsibilities. From an employer’s perspective, the sea change has proved a boon in several ways, both tangible and intangible. Aside from lowering their capital costs, companies have seen improvements not only in worker productivity but also in being able to recruit top candidates and/or retain high-performing employees virtually anywhere in the world. However, the same technology that facilitates access from multiple devices to a company’s systems and data can leave the door open for at best, misguided efforts to back up work, and at worst, malicious tampering or outright theft. For all intents and purposes, not only are remote workers not subject to the multiple layers of security measures that might be enforced in a physical location – they also often do not encounter significant impediments in how they access, retain, and store company data on their personal devices.

Recognize the Risk From Those in the Know and Manage Accordingly

  • If knowledge is the lifeblood of many businesses today, H1B workers, independent contractors and temps, and remote employees can be the source of internal losses that go undetected until it’s too late. However, the risks posed by each of these groups can be managed. From our experience, Kroll recommends these best practices:
  • Identify and contain sensitive data.
  • Screen independent contractors and temporary workers the same as you do employees.
  • Encrypt or limit the use of remote devices.
  • Establish and enforce consequences for security violations.
  • Engage conflict-free examiners to conduct investigations on malicious insiders who abuse IT systems.
  • Centralize and safeguard computer logs of important IT systems in a restricted-access location.
  • Establish thorough employee termination procedures.
  • Restrict the use of removable media.
  • Run and require acceptance of terms on privacy banners.
  • Back up data.

Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Enterprise Security Risk Management

Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.