Posted by SecExtra on February 27th, 2008

The perennial employer problem of staff misusing data they have access to remains a constant, but Tier-3 says, the solution is now in most business manager’s hands.

“A recent Associated Press news report cites the example of a landlord snooping on tenants to discover details of their finances, as well as a woman who accessed her ex-boyfriend’s account after the couple broke up,” said Geoff Sweeney, Tier-3’s chief technology officer.

“Both people worked for a Wisconsin energy utility company and took advantage of their wide-ranging access to people’s data to go snooping,” he added.

But, says Sweeney, just as computers have made it easier for staff to snoop on information they should not be be looking at, so the same technology can be harnessed to beat the snoopers.

“It’s difficult to tackle problem head-on, especially if staff doing the snooping are authorised to have access to the database concerned,” he said, adding that the staff involved are often authenticated users who are mis-using their employer’s facilities.

“By introducing behavioural analysis software to the system, it’s possible to flag up any unusual database activity to the audit team concerned,” he said.

“By automatically comparing each individual data access against a dynamic baseline of previously learned employee behaviour it’s an easy task to spot staff who are accessing data they shouldn’t, in real time and even catch them in the act.” he added.