


Sarah D. Scalet
Senior Editor

The Insiders

Sep 06, 2001 | 2 mins
CSO and CISO, Data and Information Security

It happened again: an employee with access to confidential information admitted that he had used his company’s computers to steal secrets, which he then sold for thousands of dollars.

In this particular case, reported in Wednesday’s New York Times, the company was the FBI, and the employee (former employee, to be precise) was a 51-year-old low-level security analyst named James J. Hill. In federal court, Hill admitted that he used FBI computers in Las Vegas to access documents covering cases from mortgage fraud to marijuana trafficking, which were later sold to mob figures, criminal defendants and others. Hill wasn’t a hacker. He simply took the documents without permission.

Whether it’s dishonest employees or disgruntled ones, insider security breaches are less glamorous but far more common than drive-by hacker attacks. What’s worse, they feed on yet undermine something crucial in every good business relationship: trust. Companies need to trust their employees, and productive employees need to be trusted. But right now, nervous companies are sending mixed signals about how far that trust should go and what it should entail.

Consider this. In a recent survey by CIO, only one-third of respondents said that critical business information was restricted to a confined area, separate from information that requires less security. Inside the firewall it’s free going: there’s very little in the way of access levels and compartmentalized data. Meanwhile, companies are spending their time watching employees’ every step on the Web. In a recent survey done by the American Management Association, 62.8 percent of respondents said their companies monitor Internet connections, mostly for legal, security and productivity reasons.

On one hand, companies are doing little to keep honest people honest. On the other, they are doing much to make honest people feel like criminals. The end result? Wasted time, and trust in all the wrong places.