Cyber crime is right under your nose
By Nick Easen for CNN
If you are sending work related files to a personal e-mail account you could be breaking the law.
ON CNNI TV
for Global Office show times on CNN International.
(CNN) -- A company's worst nightmare is when a trusted employee with access to sensitive data simply vanishes. It gets worse when the employee turns up at a competitor's firm.
Security is now a key topic on the boardroom agenda, with more CEOs and technology officers taking a proactive approach to electronic espionage, viruses and hacking.
Cyber crime is even the U.S. Federal Bureau of Investigation's third highest priority, after counter-terrorism and counter-intelligence.
It is not surprising when this kind of activity costs American business an estimated $14 billion annually, according to the American Insurance Association (AIA).
A number of governments have Web pages dedicated to cyber crime. Now management teams are beginning to realize that the biggest threat is sitting right in front of them.
"Enterprises surveyed in (one) report actually put insiders as their prime security risk -- not external threats," Simon Harriss from Accenture Consulting told an Economist conference on cyber security in Hong Kong last year.
Recently a British court found that top bosses at an engineering company had copied hundreds of crucial drawings from a computer before quitting the firm.
Later the same individuals turned up at a new company making products apparently based on the same computer aided designs.
"It was obvious to me that they had copied these drawings. And knowing that they had copied them they could really only exist in electronic form," Tim Allen, director of MJ Allen group, told CNN.
Luckily for Allen, the court approved a raid on the suspects' premises so that the computer's hard drive could be examined for electronic evidence.
The drawings obtained in the raid matched the originals, right down to the last technical details.
Names were changed but buried deep in the binary data -- the 0 and 1 code -- of the file was the original.
"When (we) converted it, we found that in this document we have the words "British Midland tools," which is a bit more than just a coincidence," says Tony Dearsley of Vogon, a company that specializes in computer forensics and data recovery.
But investigations and legal proceedings do not come cheap and there is also the blow to a company's reputation when it admits it made a security blunder.
In this case the court awarded Allen substantial damages. He says it was worth it, but only just.
"I just about recovered my costs... but I just could not allow myself to rest knowing that this business had effectively been stolen from me," says Allen
Luckily the data in the Allen case was not compromised, but Dearsley says data can be altered when IT departments carry out their own inquiries, which hinders expert investigations.
"There are people who want to have a look at these things before they refer them for professional advice. We do get cases where people have trampled all over the evidence," he explains.
It is often harder to win a court case when electronic proof has been tampered with and authorities may not be able to prosecute the culprits.
Experts advise putting in encryption systems and stepping up security on core information assets.
Many businesses still wait for a security breach before focusing on and updating their own system defenses.
"That could be a very costly mistake... vigilance is key," notes Eric Goldberg from the AIA.
Andrew Brown contributed to this report for CNN