Combating Insider Threats in Your Business

The Reality of Being Blindsided

Most of our work comes from attorneys and long-time business clients, but we also see a steady stream of new companies. Many of these newcomers find us after a painful wake-up call, discovering their private business information has been stolen. They usually only realize it after the proverbial horse has left the barn.

Of course, we step in to help investigate and build their case. But we also try to help these clients get ahead of the next incident, because without changes, there’s a good chance it will happen again.


The Real Risk Inside the Walls

I speak to groups often about this. For years, most companies have focused on building higher, stronger walls to keep external threats out. But they overlook the vulnerabilities already inside the walls, the insider threats.

The term “insider threat” is accurate, but it needs some explanation. There are different types:

  • Malicious insiders, who intentionally steal data.
  • Accidental insiders, who might lose a laptop or send the wrong file.
  • Negligent insiders, who know they should be careful but aren’t.

Why Culture and Education Matter

One of the first, most important steps to reducing insider risk is creating a culture where employees understand two things:

  1. The value of the data they handle every day.
  2. The clear lines between right and wrong when it comes to company trade secrets.

The 2017 SANS report, Defending Against the Wrong Enemy, revealed something troubling:

“Despite recognition of insiders as a common and vulnerable point of attack, fewer than 20% of respondents reported having a formal incident response plan that deals with insider threat.”

Even more worrying, 62% of companies said they hadn’t experienced an insider attack, yet 38% admitted their detection and prevention capabilities were not effective. That makes it clear many incidents are happening unnoticed.


Practical Ways to Protect Your Business

So what can you actually do?

Build awareness and reinforce it

  • Use posters or reminders that highlight the value of company data.
  • Make sure employees understand that the information they work with doesn’t belong to them, even if they created or developed it. This is critical for sales staff, product developers, or long-tenured employees who might feel ownership is justified.

Set expectations early

  • Implement clear policies at onboarding that spell out who owns company data and what happens if someone tries to walk out the door with it.
  • Make the consequences obvious.

Keep security top of mind

  • Consider a data security awareness newsletter, or include a regular security section in an existing newsletter.
  • Try acceptance policies that pop up when employees access sensitive systems, requiring them to check a box agreeing to terms.

Take It Even Further

From there, you can grow into more advanced protections, like phishing simulations to help employees spot outside attacks. These steps not only protect your assets, they also make each employee more personally responsible if they decide to take what doesn’t belong to them.

The goal is to build a workplace where people:

  • Understand the value of the data they handle.
  • Actively protect it.
  • Encourage each other to do the same.

At the same time, you’re sending a strong message that any release of sensitive information, intentional or accidental, is taken seriously. By fostering a culture of respect, responsibility, and integrity around your data, you protect your business, support your people, and make it far harder for insider threats to take root.

About Swailes Computer Forensics

Swailes Computer Forensics provides expert digital forensic services to law firms, corporations, and organizations nationwide. Our work includes investigations into intellectual property theft, employee misconduct, data breaches, and more. With decades of experience and a commitment to integrity and clarity, we help clients uncover critical evidence and take informed action.

If you’re facing a potential case of employee data theft or have concerns about unauthorized activity, contact us for a confidential consultation.