Data leaks happen - then what?

Monday - 1/17/2011, 9:40am EST

Rodney Joffe, Senior Vice President and Senior Technologist, Neustar

Click below to hear the interview

Download mp3

By Suzanne Kubota
Senior Internet Editor
FederalNewsRadio.com

Agencies face cyber threats from all sides now. It's not just outside hackers that pose a threat.

Internal threats can be just as devastating, if not more.

Rodney Joffe, Senior Vice President and Senior Technologist at Neustar, told Federal News Radio the biggest insider threat isn't the technology. "It's almost always a human problem," said Joffe.

Choose your employees carefully. Run those background checks, then make sure you provide training on the impact of losses. "One of the best things that managers can do is to get employees to understand what the real impact is when you lose."

Then, said Joffe, make sure when you have security processes and training in place, "you pound the impact into employees and you make sure that they comply." Joffe said he has repeatedly seen that after a certain amount of time, employees start to take shortcuts, like not locking computers, and managers allow it.

Then there's the idea of slamming the lid down. "I think one of the things you really have to think about as a manager," said Joffe, "is being able to protect the data itself on a need to know basis. I mean we laugh about that in the classified world; 'it's need to know.' But that's really very important. Most data is easily identifiable in terms of who should be aware of it, so restrict who knows about it. Restrict who has access to it. And make sure you keep it like that."

After all is said and done, said Joffe, understand that the best you can hope for is to lessen the threat. "You can have the best background checks in the world, things are going to happen."

You really have to start from the point of view that with everything in place, if you follow all the rules and all the regulations and all the best practices, you will still have leaks. What you really need to do as a manager is, once you accept the fact that one day you will have a leak, you want to make sure you have processes in place to detect the leaks and to mitigate the damage as soon as possible.

Joffe made it clear he wasn't just talking about your network detecting the leaks. "I've yet to see in any of the meetings that I go to where employees who are trusted employees actually get checked for taking equipment or data out of premises. You can't do that. So even though you may have systems internally to detect leaks that go out from a network point of view, you really have to take care of the physical side of it, and the human side of it, and I don't know how you do that."

For more, including why monitoring in the outside world is important, listen to the entire interview at the top of this page.