Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nine Ways to Stop Industrial Espionage

Posted by ryuzaki0 on from the just-unplug-em dept.

An anonymous reader writes "IT staff are in the unique position that if they are nosy, immoral, greedy or corrupt that can get at what they want within their company at the touch of a button. The corporate crown jewels are usually left open and exposed to the IT guys. So how do you protect your corporate crown jewels from staff that can so easily be bribed to steal them and hand them over to a competitor?" I can't imagine having to be paranoid about employees. That seems to me to be a bigger problem than hardware.

6 of 351 comments (clear)

  1. Baby sitters don't work by evought · · Score: 5, Interesting

    When I was waiting for my TS clearance while working at the Pentagon (I had an interim clearance), I had to have an air force officer shadowing me the entire time, including, at points, typing for me as I dictated. The officer in question was not an IT person and had no idea what I was doing (or was supposed to do) with the UNIX systems under my care.

    I could have typed, or told him to type "cd /; rm -rf *" at any point, or done many more subtle things, especially since I had to create accounts and such for Oracle or other applications.

    In the end, the only way you can police your IT people is to have IT people you can trust, which means that the managers have to know enough IT to know what is going on and what it means without micromanaging. Very few managers have that ability. Very few IT people have the management ability to cross-train into a high-level manager. I, myself, had to bring in someone else to help with the business/finance side when running my own company. I knew what I was doing but was simply not as good at the business side as the IT work and sales.

  2. Re:Your staff are the jewels... by TheCarp · · Score: 4, Interesting

    There is something thats often overlooked. Good leadership is important. You will normally hear me ranting about the pay disparities between the top and the bottom, and I am not backtracking here, I don't think anyone should be getting multi million dollar salaries... but all that aside...

    Bad leadership is worst than none. Good leadership is important. Good leaders, team leads, managers are people who make you not just work, but actually WANT to work for them. People who you can be like when everything else hits the fan, its not just that you care about your job, but you actually respect them and want to work because you know they will get shit if you fail.

    Pay is nice, but its community and social pressures that people really respond to. Its that "we are all in this together" attitude that binds a team together and makes them really get the job done. I think the most important aspect of a leader is the ability to catalyse that in his team.

    The best defense against this sort of thing is teams that are close enough that no member would betray the team because, they would be betraying people who they respect.

    This is one reason why I like working for nonprofits that are doing things that I like, where I can get behind the corperate mission and be proud to be a part of what we are doing. Hence, I work in healthcare.

    -Steve

    --
    "I opened my eyes, and everything went dark again"
  3. Threaten them, use spikes, seeds by dindi · · Score: 5, Interesting

    The casino, bookie guys do not need rules and regulations. Feel free to take their data (usually cystomer lists), it is full of spikes/seeds (phone numbers, email and land addresses that belong to the owners), so when the data is sold and used (callcenter, email spam/etc) the mails get back to you.

    Then the death squad goes after the techs and asks some unconfortable questions, talk about broken kneecaps and burning family houses.

    Heck, you can even seed different addresses for each admin (if one is doing the mailing, the other only sees the SQL tables)...

    If you think it is science fiction, or fear mongering, come and work for a casino in any Central AM country...

    I personally left a place because I was scared - higher staff was regularly followed, I heard bad things about the company, and we had more and more armed people at the entrance. I also heard (from my colleage), that our previous sysadmin was chased down the street by the neighbour casino owner with a gun in the hand, shouting "I kill you bastard" over some customer list that the guy "administrated".

    Want 1st person experience: how about police calling me, that a gentlemen wants to talk about one of our employees, who supposedly stole data from a caribbean country's casino. The guy looked like a headhunter/killer to me, who kept calling me for 2 weeks, every day, offering more and more for the person's address or any tip where the person could be met (killed??). And that was back in Europe, and the guy came from the islands .... so he was pretty determined.

    Oh well you can make some other measures, like at one place, they sniffed all IM traffic, read all emails, and made it forbidden to take anything into the office. First usb drives, cds floppies. Later cell phones, walkmans, ipods. ANYTHING. They were as well beleived to go thru the lockers.

    Of course I cannot (and do not want to name people, places, etc). All I can say, is that I am done with that industry, even though they pay a lot better than others in southern countries.

  4. Re:Bribed by crakbone · · Score: 4, Interesting

    I worked for a company that said if you get bribed keep the money and turn in the person bribing you. If the charges stick you'll get an additional $1000.00.

    I never got bribed. I was hoping all the time.

  5. My workplace is schizoid about trust by rbanzai · · Score: 5, Interesting

    At my workplace management has so many conflicting opinions on internal security it's laughable. When I was brought in as IT Manager I couldn't even get admin access to anything because my boss didn't know who I was (even though he's the one that hired me.)

    Instead he let the outside I.T. consultants have complete control. My experience and professional references were to no avail. It was three months before I got a key to the server room, and this is in a small, 50 person insignificant business. All the while the outside consultants (who retain full remote access to all systems and networking equipment) could do whatever they want.

    The network drives were wide open among departments. No restrictions. Performance reviews, salary spreadsheets were all available to the entire staff with the thought that "no one knows the files are there so it's okay" was good enough.

    When I suggested that we could start locking down departmental network folders to restrict access to sensitive data it set off a freakish firestorm of discussion about who could be trusted for these special folders. But... the whole time they'd been wide open! Now suddenly it was an emergency to lock them down and no one could be trusted with the data.

    Later on my boss was working on a business pitch in Word. He'd brought in a temp to help with the layout and now he wanted to give it his own special touch. But he was having formatting issues. He wanted my help, but.... I couldn't look at the document!

    He said it was sensitive and he didn't want me to see it but at the same time I had to diagnose his formatting problem and tell him how to straighten it out. So it was okay for a one-day temp to see it, but not the IT Manager that he himself hired that has responsibility for protecting all of his data.

    A few more months and I'm out of here. It's the craziest place I've worked, and I used to work at an urban police department so I've seen crazy.

  6. Trusting the temps by Simonetta · · Score: 4, Interesting

    I worked as a permanent temp in a Hewlett-Packard printer factory in Camas, Washington. I was in a room with a loading dock all alone with about a thousand printers, brand-new, boxed and ready-to-ship. My job was to select several printers a day at random and disassemble them so that the parts could be used to make prototypes of new printers. It was cheaper to hire a permanent temp employee to disassemble printers than it was to fill out the paperwork to get the parts from the assembly line before they were made.
        Anyway, I put a picture of Claudia Schiffer in a evening gown on my PC as background wallpaper. A few days later I get escorted by an armed guard to the human resources office about a kilometer away and get fired for 'creating an environment conducive to sexual harassment'. Since I had all the codes and badges to access the loading dock, I was tempted to just rent a truck, drive up, and take all the printers and either dump them in the ocean or sell them myself. Of course, according to Hewlett-Packard, I was 100% trustworthy because I passed a marijuana piss test so I was beyond suspission were the items to be found missing.
          I didn't steal anything from them, but I was tempted to because I was so pissed at them. Of course, it came as no surprise to anyone that a few years later the morons who run H-P would just roll over and let Carly trash the entire company to the point where they felt relieved that they could finally get rid of her by giving her 28 million dollars to just...go...away.
          So, a word to the wise young people, don't work for insane morons like Hewlett-Packard if you want to have a long and prosperous career in the IT or electronics industry. Choose your employer carefully; believe all crazy rumors about your company management, study Dilbert seriously, be flexible, and always ready to just jump ship at any better job offer. The old mentality and social contract between employer and employee is over.