chron.comNews, search and shopping from the Houston Chronicle

 

 

 

Employers boost efforts to fight growing online threat from within;
Workers can breach security knowingly or not

 

KATHERINE WEGERT

 

June 26, 2007

Jane Terry has done more than her fair share of e-mail policing.

As president of Santa Ana, Calif.-based manufacturer Ajax Boiler, Terry has on two occasions caught employees breaching network security.

While testing a new company software system, she stumbled upon a staff member bringing a rival's proprietary information into Ajax's system.

Terry spent $6,000 fixing that problem, and hundreds more when a senior manager at the 100-employee company hacked into the network of a former employer, with whom he was involved in a lawsuit.

"We found him reading the HR manager's e-mail," Terry said. "He was involved in a lawsuit and was probably looking for information on it. It was unbelievable."

Both staff members would have escaped notice if it weren't for a recent upgrade to Ajax's security software.

The product, made by Vero Beach, Fla.-based SpectorSoft Corp., essentially records everything employees do on their computers, including Web sites they visit, time spent looking at sites, e-mails sent and more.

The greatest risk to company security now comes from within, security analysts say.

In the past, the threat has been mostly from spammers and hackers.

Market to expand

The market for such security systems is predicted to grow from $919 million to $2.8 billion between 2005 and 2010, according to research firm IDC.

As monitoring technology becomes increasingly sophisticated and widespread, some argue that employers should respect their workers' privacy.

"Businesses have their concerns, and they're legitimate," said Jeremy Gruber, legal director at the Princeton, N.J.-based National Workrights Institute. "But what we need is regulation. We need to see companies balance their concerns with their employees' privacy."

Even well-meaning employees can cause data-security problems.

According to the Privacy Rights Clearinghouse in San Diego, earlier this year the personal information of 302 households - including names, addresses, birthdays and family income ranges - were posted on a public Internet site several times over a five-month period when employees at the U.S. Census Bureau tested new software while working from home.

Breaching other systems

Employees breaching another company's network, as in the case Terry dealt with, also put businesses on the defensive.

"Monitoring is becoming more prevalent now than it has been," said Peter Firstbrook, an analyst with information technology consultant Gartner, adding that the insider threat and compliance issues are driving the growth.

"People sending things to themselves or stealing intellectual property is a real concern."

That's why analysts say that it is important for businesses to keep up with what's new, and pick technology that can monitor, filter and block access to inappropriate Web sites, as well as purge e-mails and instant messaging systems.

"You want to monitor your existing technology, but you need to stay up on what's new - especially if you have a young work force," said Nancy Flynn, executive director of the ePolicy Institute.