If someone important tenders their resignation tomorrow, would you be able to see if over the last week he has been siphoning off confidential information from your network to use at his next job? Do you ever give exit reports on what information that person had access to while with the company, even if you couldn’t tell what he did or did not copy? I’d consider these important, but fairly advanced questions for a security team to ask.
A former Ford Motor engineer has been indicted for allegedly stealing thousands of sensitive documents from the company and copying them onto a USB drive before taking a job with another auto company.
This happens. It happens a lot, and has always happened. Technology has just made this easier, larger in scale, and trackable (even done remotely over VPN!). This is one of those dirty little secrets of salesforce hiring and even some executive job-hopping (what can you bring with you to us? is an oft-unspoken question).
No matter how many times you say this ahead of time, this is something that is never acted upon until after the fact. I’ve been in too many conference rooms where this sort of possibility had been discussed 6 months previously, and then when it actually happens, the question goes out…can we see what they accessed over the last week? Well…no…you can’t, because all of the things you would have needed to have done, the person asking the question said we couldn’t do.