Most organisations have some sensitive data, but some such as financial services, health and government, hold significant volumes of customer data which, should it fall into the wrongs hands, could be used for a number of different illegal activities such as fraud, bribery or public disclosure.
Whether acting as an individual, in concert with other parties or having been placed in an organisation by organised crime, the trusted employee has access to name, address, bank account and depending on the nature of the firm significant volumes of other key data.
This could be sufficient for a complex account takeover used as part of a larger fraud, the changing of account details e.g. address or beneficiary account information, or the skimming of funds from dormant accounts.
The challenge for organisations is to establish which staff might be looking at information, even if not making a formal change or undertaking a transaction. In such situations most systems would not generate any “log entry” making it impossible to know who had seen which data.
In isolation it can be useful to be able to confirm that someone has viewed key data – but only as part of a retrospective enquiry. What is more powerful is to be able to compare behaviour between staff to receive proactive alerts on which members of the team are acting differently to their peers – and thus a more formal investigation can be undertaken proactively.
We provide a numbe of complementary solutions which can be tailored to your organisation's specfic needs.
Vigilance Pro can monitor all activities that your staff undertake on their desktops or laptops and can provide alerts, in real time, should they be undertaking activities which are imappropriate to their role. It is also possible to restrict data being taken out of the organsation and even delete confidential data on a remote laptop.
For organsations with enterprise applications which are accessed by staff eg call centre and processing activities then Intellinx can provide real time alerts on potential data leaks.
It is also essential that internal or external staff that have access to servers for management purposes are also monitored. ObserveIT can provide a comprehensive audit of such activity.
