How to find out who is leaking information to competitors in a company

Apply for SearchInform DLP TRY NOW

Before you identify a person who leaks information to competitors, you need to know that no company is immune from this. According to research by SearchInform, in 2017, one in five companies in Russia suffered from data breaches. In 48% of cases, information was leaked through the fault of ordinary employees of the company.

Ways to identify an insider

Every company should have a means to protect information from disclosure to unauthorized persons. It is also necessary to monitor the actions of employees who can interfere with protective mechanisms and steal information. The methods for detecting possible spies are as follows:

  • Assess which employee is overworking and taking overtime. If an employee is constantly delayed at the workplace, comes to the company outside of working hours, it is worth thinking about the reasons for this behavior and following the employee's further tactics. It is important not to rush to conclusions about espionage, since an employee may turn out to be a conscientious person, and the actions of his superiors will destroy hard work.
  • Check work computers on a common network or each separately. It is recommended to do this outside office hours. If a large amount of different information about the company is found on a corporate computer, then you should suspect the employee of accumulating unnecessary data. The company must have access to all media in order to monitor the work of people and study their actions in case of suspicion.
  • Find out if the employee is breaking corporate rules. Secret files may be needed to leak information; an employee may be sitting on unauthorized sites. The way to expose this behavior is to monitor network activity. There is special software that intercepts messages in instant messengers and social networks, allows you to evaluate and analyze information flows.
  • Find out if the employee is not seen in extraneous relations with competing firms. This method of identifying an insider can only work with a limited number of people. It is time consuming as well as costly. It is possible to monitor only those close to the superiors for information leakage.

Do not forget that employees may leak information through no fault of their own, but rather due to inattention, non-compliance with safety rules, and misunderstanding of tasks. In this case, you can reprimand the employee or train him to act more carefully. Such situations are most often observed among junior staff. Therefore, it is important to conduct explanatory conversations with employees of all ranks for preventive purposes.

What to do if an unscrupulous employee is identified?

As soon as a person appears in the company, leaking information, this is reflected in the economic performance of the company. Activities become less productive, the company loses profits for no apparent reason, and competition grows sharply. After identifying a spy tracking information within an enterprise, the following steps should be taken if possible:

  1. Permanently terminate access to the remaining information. It is important to keep track of the item, as there are situations in which former employees disclose classified information after being fired. The common database of documents and information should be regularly updated, and only working employees should have access to it.
  2. Make sure that the information that was disclosed was confidential. There are times when employers and owners forget to set privacy boundaries. This should be discussed in advance with employees when applying for a job, as well as prescribed in contracts, job descriptions. In the case of a clear recording of prohibited or limited information, the owner will have legal leverage and the possibility of punishment after disclosing the data.
  3. Analyze the damage from disclosed information. It is important to estimate the approximate loss of reputation and material losses. It is worth considering the desirability of a full-scale campaign to protect information, as well as to punish those responsible. If the losses are small, then you can close the leakage channel and fire the employee without drawing additional attention to the incident.
  4. Notify your partners about the leak and its possible consequences. Do this as early as possible after the incident.
  5. Initiate an internal investigation. Initially, the identification of an employee or several employees should not be advertised. You can have some informal conversations, "collect rumors" around the office. It is necessary to hear the opinion of a large number of people, this will help to understand the reasons for the act and, possibly, point to an insider.
  6. Attach a trusted person to the investigation. The informant must be disinterested and not subordinate to either side.
  7. Only after identifying a spy employee can an objective assessment of what happened and try to spread it in the media or on the company's website, on YouTube. The company should not make excuses, it is advisable to present information as neutral as possible, and also report that all security measures have been taken and strengthened. You can present information as an unauthorized attack by opponents. If the details of the disclosed data spoil the reputation of the company, then it is recommended to arrange the case as if an information attack was carried out on the enterprise through the fault of competitors, and all the facts presented are an absurd invention.
  8. Block the source of information leakage. For example, it is not recommended to work on a computer or storage medium from which the leak has occurred. The device must be sent to a specialist to determine the extent of the disclosure of data, as well as to detect vulnerabilities and further protection. It will be possible to present it at the trial as material evidence.
  9. Install a security system, such as DLP, that analyzes the sending of all files by email so that no one knows.
  10. Sign an NDA agreement with all employees of the company, indicating the preservation of confidentiality.
  11. Additionally, make paper copies of documents. The program that issues copies remembers the time and date of issue, after which it will be possible to calculate which of the employees has shared a copy of the papers with competitors.

Company сases

From each situation of information leakage, you can find a rational way out, both in the case of material losses and in the loss of reputation. For example, the head of an online English school has encountered data leaks on several occasions.

Once on the Internet, information appeared about the company's shortcomings and shortcomings, as well as about mistakes made in teaching methods. The firm could not find the attacker who released the data, but decided to get the opinion of ordinary users. The company consulted with the public on how these deficiencies could be addressed. The firm received a large number of responses and feedback, and also showed people that their opinions were taken into account. The information leak was a useful impetus for further development.

In the second case, the firm was developing a new type of service. But at the last moment, the information leaked through the fault of one of the company's employees to competitors, after which the product of the developers was released by both companies at the same time. Therefore, our organizations decided to join forces rather than dividing the consumer market in half. Sometimes it is more profitable to merge with competing firms than to compete.

In most companies, former employees often unite against the firm. A group of top managers, who were fired within a short time, were assembled into an independent organization, competing with the old place of work. And some of the employees who remained in the old place began to leak information to them. After calculating the group of spies, it was decided to supply them with false data. As a result, the new company went bankrupt and closed.

Prevention of insider activity

It is necessary to deal with the protection of information. It is easier to restrict access to important information than to search for an employee who leaks data to competitors. For preventive purposes, you can use such simple methods as:

  • regular checking of all corporate activities at the computer (e-mail, instant messengers);
  • control of software installation on all media;
  • restriction or protection of the use of portable channels and information storage devices;
  • tracking the activity of copying equipment;
  • differentiation of the activities of employees and their access to information.

After identifying the person leaking information, it is necessary to apply a rational punishment to him. Most companies fire such an employee with negative personal profiles. Insiders not only reduce the company's productivity and profitability, but can also lead to bankruptcy of the owner of the enterprise.