
Subscribe to
Computerworld
or
Other Spam, Malware and Vulnerabilities Stories
April 06, 2006 (Computerworld) -- A recent case in which an employee at Progressive Casualty Insurance Co. wrongfully accessed information on foreclosure properties she was interested in buying highlights again the dangers posed to corporate security by insiders.
Progressive officials today confirmed that the company sent out letters in January to 13 people informing them that confidential information, including names, Social Security numbers, birth dates and property addresses had been wrongfully accessed by an employee who has since been fired.
Michael OConnor, a spokesman for the Mayfield Village, Ohio-based company, said officials were alerted to the situation when a local woman complained about receiving calls from a Progressive agent inquiring about her house being under foreclosure.
What happened was that the former employee, who purchased foreclosure property, wrongly used the information in a real estate database, OConnor said. Though there was no actual hacking involved to get at the data, her actions constituted a violation of Progressives code of ethics, OConnor said.
We investigated the situation, the employee was terminated, and we alerted the people whose data was accessed, he said, adding that the matter was resolved in January.
Such incidents underscore the threat posed to corporate data by malicious insiders and by workers who accidentally leak sensitive information, said Phil Neray, a vice president at Guardium Inc., a Waltham, Mass.-based vendor of database security products. Most companies have done a good job with perimeter security and are now finding out they need similar controls internally, Neray said.
The trend is behind a growing need for tools that help companies monitor, detect and audit all activity going on inside networks, databases and applications, he said.
One such tool from Reconnex Corp. has been helping Sirva Inc., a Westmont, Ill.-based provider of relocation services with more than 7,000 employees worldwide, keep tabs on its intellectual property and other sensitive data while the company goes through a series of divestitures.
One of the things that happens after a divestiture is that people take the stuff they are working on to their new companies, and Sirva needed a way to prevent that, said Chuck Shmayel, vice president of infrastructure and security at the company. Reconnexs appliance sits at Sirvas network-egress points in each of its four data centers and monitors traffic to ensure that confidential information doesnt exit its networks, either by accident or design.
As a relocation service, we handle a lot of confidential information on behalf of our customers, and we want to make sure it's protected, he said.
Implementing specific controls for monitoring whats flowing out of enterprise networks can go a long way towards mitigating accidental and deliberate data leaks, said Mark Moroses, senior director of technical services at Maimonides Medical Center in Brooklyn, N.Y.
As an entity covered by the Health Insurance Portability and Accountability Act, Maimonides is required by law to have controls for securing protected health information (PHI). The hospital is using Reconnexs appliance to detect PHI leaving its networks in an unauthorized fashion, Moroses said.
From our point of view, the insider threat comes from people either knowingly or unknowingly damaging our reputation by leaking sensitive information, Moroses said. Patients come here for AIDS tests and for pregnancy tests that they dont want to share with other people, he said. A patient is not going to come to our hospital if they think we are not doing everything to protect their information. So our reputation is paramount because it affects our bottom-line business."
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



| XenServer FREE trial Citrix XenServer is the simplest and most effective way to virtualize and provision servers. XenServer combines comprehensive server virtualization capabilities with unparalleled scalability, performance, economics, and ease-of-use. Based on the open source Xen hypervisor, XenServer delivers fast performance, easy management, and advanced features such as live migration. |

| Try Fluke Networks'
EtherScope Analyzer on your network FREE Quickly solve the wide range of problems you encounter - 10, 100 and Gigabit, twisted pair and optical fiber, LAN or wireless LAN. The EtherScope Analyzer combines the essential tools you need to monitor network traffic and switch interfaces, discover devices, networks, VLANs, access points, mobile clients and more. See the power of this portable network analyzer on your network. Request free trial now
*Terms and conditions: Evaluation units are available only for a limited time and will be scheduled on a first-come first-served basis. Not available in all geographies. Limited quantities available; customers requesting evaluation units may be waitlisted for the next available unit. It will be at the discretion of Fluke Networks to accept or decline requests for this free evaluation. |
![]() |
![]() 2008 Internet Security Trends Report
For a time, security controls designed to manage spam, viruses, and malware were working. Loud, high-impact attacks abated. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased. Download this white paper |
Multi-layer Spam Defense Architectural Overview
Today’s spam attacks have become too sophisticated for earlier-generation spam systems. These systems share a common weakness – relying heavily on analyzing content that can easily be manipulated by spammers. State of the art anti-spam systems must go beyond content examination and analyze messages in the full context in which they are sent.Download this white paper |
Data Loss Prevention Best Practices
Data loss prevention (DLP) is a serious issue for companies, as the number of incidents (and the cost to those experiencing them) continues to increase. Whether it’s a malicious attempt, or an inadvertent mistake, data loss can diminish a company’s brand, reduce shareholder value, and damage the company’s goodwill and reputation.Download this white paper ![]() |
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |

