|
|
|
In
February, 2007, Prasanth Indulkar an employee of Videsh Sanchar
Nigam Limited was arrested on charges of industrial espionage.
It was alleged that over the past several months he had been
transferring sensitive information to a senior executive in
Reliance Communications through e-mails and pen drives. Experts
felt that such incidents of data theft by employees were nothing
new with the growing use and widespread availability of portable
IT devices such as pen drives, PDAs, etc.
|
They said that even popular gadgets like the iPod and other
MP3 players, digital cameras, and smart phones could easily be used to steal
data by employees as these devices came with a plug-and-play facility coupled
with a large storage capability.
Data theft has emerged as a key challenge for all organizations, irrespective of
size, industry sector, and location.
Companies operating in the IT and ITeS outsourcing sector have been among the
worst hit. For instance, in the mid 2000s, the reputation of India's BPO sector
suffered due to incidents of employees stealing sensitive data.
A Forrester Research report in 2005 had warned that such incidents had the
potential to curb the booming Indian BPO sector by 30%.
Even non-IT companies have woken up to the data security threat posed by
portable IT / communication devices. In 2005, a data security expert in the US,
Abe Usher, first coined the term 'pod slurping' to describe the stealing of data
through portable devices such as iPods, pen drives, etc.
To put forward his point devices like iPods posed a serious threat to data
security, he developed a proof of concept piece of software, Slurp.exe.
When connected to the organization's network, iPods loaded with this software
could automatically search and copy large quantity of corporate data on to the
iPod that had a 60 GB hard drive.
With most sensitive data now being stored in electronic format, such files were
at the risk of being 'slurped' by unscrupulous employees.
In addition to data theft, disgruntled employees could publicize sensitive data
to embarrass the organization or upload a virus and other malware into the
corporate network.
Even honest employees could unwittingly upload a virus into the network while
connecting their devices to the network.
Experts noted that organizations which until now had focused on perimeter
solutions like anti-virus software and firewalls to protect their networks would
have to contend with the potential challenges posed by pod slurping.
In addition to being a problem for security experts, pod slurping also posed a
HR dilemma as it was difficult to prevent employees from bringing these portable
devices to the workplace with many HR departments espousing the concept of 'fun
at work'.
|
