When it comes to data protection and guarding sensitive information from being leaked, most organizations have policies and tools in place designed to defend against malicious outsiders. The reality, though–which is demonstrated time and time again–is that authorized users on the inside pose a much greater threat.
A manager of an H&R Block tax preparation office in California was arrested for stealing the identities of H&R Block clients and filing fraudulent tax returns on their behalf. A post on AccountingToday.com about the incident states, “He prepared bogus tax returns in their names designed to obtain tax refunds and credits, according to prosecutors, and then used H&R Block Emerald Cards to withdraw the fraudulently obtained refunds from automated teller machines.”
You should have tools and policies in place to guard your data against unauthorized access from the outside. But, don’t forget that authorized users are in a position to intentionally steal or compromise data, or inadvertently share or expose it. You need to make sure you have tools in place to monitor and defend against data leaks from the inside as well.