By Ron Coates, 26 May 2004 13:30
NEWS Huge webmail storage offers will just offer information thieves a larger swag bag, according to computer forensics specialist ibas.
The classic target for information thieves is the sales database. And until now, it was just too big to slip out in an email. With 1GB storage now available from Google, Yahoo! and Lycos et al, and larger mailboxes promised, the swag bag for any would-be thieves is getting big enough to make it all much easier.
Chris Watson, senior forensic investigator at ibas, said: "It's just an extension of the 'I've been here for 10 years, nobody will mind if I take a few pencils or a packet of stationery or the manual, etc. In the email age, it's easier to slip out what you want."
When it goes to court, this sort of material is IP (intellectual property), which sounds a bit mundane when you still have it, but it's all your contact details, your manuals, your procedures and policies – the basis of your business.
Watson said: "The information belongs to the company. But if you've spent years building it up, you think you have a bit of ownership too. And if you're moving on, or setting up your own company – well, there's no point in writing all this out again – it's already here.
"Earlier this year, we found that the majority of people used email to take information away. Now that there's no size limitation, people don't have to be selective – they can take the whole database. If there's a terabyte of space out there, some day, someone will try it. The system might fall down, but they'll still try it."
Needless to say, ibas is warning companies to start reviewing their internal procedures – especially those relating to emails and internet usage.
"All procedures need to be tightened up. You especially need robust monitoring on your network or you could find huge chunks of data whizzing out on it," said Watson.
Comments
There are 2 comments. Join the discussion
1. Ruprecht
The biggest risk of Terabyte Webmail?...yet another inbox full of crap that you never file/action properly...
One small flaw in the plan to nick a copy of the company database...
All the providers I've used limit the size of e-mail attachements, so unless you've found a clever way to chop the database up and piece it back together the other end it's not really much of a threat.
Most corporates have a maximum mail size restriction in place for outgoing as well as incoming mail.
If you'd figured out how to do this you'd also be aware that removing the pieces over time using a USB 'key' or CD's is much less likely to be detected.
Or of course just copy the data to your laptop, take it home connect to your home network and copy the data off.
Yes, you can remove a much larger number of useless documents to clutter up the filing system of your new business but you could of course just do it properly this time around rather than adopting the lame arse, inefficent methods of the place you just left because nothing worked properly... ;o)
R
2. anonymous
Nicking Databases????
Recruitment Consultants (Agents) have been doing it for years..
They take their existing contractors and customers with them when they either set up on their own or go to another company.
It is (sometimes) a prerequisite of an agent that, when joining a new company, they are obliged to bring with them a list of new leads, both candidates and clients. Therefore it is condoned.
So, when a salesman leaves a company for another, it is a natural extension that they will take all their customers, leads and clients with them. After all, they dont want to miss their targets and lose their bonus.
As for data protection, ask them if they care.