Employees come and go – but in this case a departing employee took thousands of confidential supplier and customer records from the sports-apparel firm Fanatics when he left to join a rival company.
How did he do it? It wasn’t an elaborate hack. He simply grabbed one of Fanatics’ own flash drives and copied the data from his password protected company laptop. He planned to share the data with his new employer. And because Fanatics is a $3 billion company, the stolen data was worth a lot.
This type of employee behavior is difficult to monitor and control – unless you have a MicroData Managed Service Plan. Every MicroData MSP includes our exclusive Ransomware Guardian toolset that lets you implement a variety of user controls including the ability restrict the use of Flash drives on a company, group, or individual basis. And yes, it also includes the ability to restrict the use of web-based file sharing services like DropBox™ and OneDrive™.
If your current provider or IT system doesn’t have these types of security tools, give us a call and enjoy the peace of mind that comes with the latest in IT protection .
I was just reading a fascinating story on the U.S. Dept. of Justice website about a bank robbery and there’s a lesson in there for all of us about IT security. What made this story so interesting wasn’t the use of Mission Impossible-like technology or swarms of armed criminals, but exactly the opposite. Low tech, physical theft by one guy with a wheelbarrow. I’m not kidding.
Over a 2-month period, the defendant stole over $200,000 in quarters from a Federal Reserve coin storage facility at an Alabama Brink’s facility where he worked. He had noticed that the quarters were stored in ballistic bags – think large duffle bags – so he grabbed 4 empty bags, filled them with beads and just enough quarters to show through a small plastic inspection window, then he put them on a skid swapping them for legitimate bags full of quarters.
The lesson for IT? Don’t neglect physical security of your IT assets. Ask yourself how hard it would be for someone who gains access to your facilities to simply pick up a computer or server and carry it off. This is exactly why part of every yearly required HIPAA audit is to verify the physical security of key data processing equipment.
If you have any questions about your IT security – physical or electronic – we’d be glad to help you out. Get in touch here.