Telltale Signs of Data Compromise

Data Compromise doesn't need IBM's $10 Billion Machine

A Watch List Guide

During 2011 alone, over 232 million people were victims of identity theft or exposure due to a data compromise on personal or business networks. This past holiday season, Target stores had a data breach affecting 40 million consumers. One of the primary reasons hackers or others breach systems is to mine data for fraudulent purposes. Companies can protect consumers by being vigilant about data security and by monitoring systems to catch a breach as soon as possible.

Unusual Activity on Accounts

Banks and other financial services organizations should review data about consumer log-ons for online systems. All companies should audit employee system activity on a regular basis. Some activity can be an indication of a data compromise, including:

  • Accounts being active at inappropriate times of day

  • Log-ins from suspicious or strange locations

  • A sudden and substantial increase in activity for one person

If a bank sees that a customer who lives in Texas is suddenly logging in from overseas, it’s worth a call to the account holder to verify things are on the up and up. If your business runs a daytime shift and no one logs in remotely, nighttime activity should cause alarm.
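The three checks above can be run over log-on records as a simple audit pass. The following is an added example, not code from the original article; the per-account baselines, the sample events, the field layout and the spike threshold are all constructed assumptions, and timestamps are assumed to be in the business's local time.

```python
from collections import Counter
from datetime import datetime

# Constructed baselines per account (assumed to be derived from your own history).
PROFILES = {
    "alice": {"home": "US", "hours": (8, 18), "daily_avg": 2},
    "bob":   {"home": "US", "hours": (8, 18), "daily_avg": 2},
    "carol": {"home": "US", "hours": (8, 18), "daily_avg": 1},
}

# Constructed sample log-on events: (user, local timestamp, country).
EVENTS = [
    ("alice", "2014-02-03T09:15:00", "US"),
    ("alice", "2014-02-03T14:40:00", "US"),
    ("bob",   "2014-02-03T02:47:00", "US"),   # night-time log-in
    ("carol", "2014-02-03T10:05:00", "RO"),   # log-in far from the home location
] + [("alice", f"2014-02-04T10:{m:02d}:00", "US") for m in range(0, 40, 5)]  # burst of 8


def flag_logins(events, profiles, spike_factor=3):
    """Return a sorted list of (user, date, reason) alerts for manual review."""
    alerts, per_day = set(), Counter()
    for user, stamp, country in events:
        when = datetime.fromisoformat(stamp)
        day = when.date().isoformat()
        profile = profiles.get(user)
        if profile is None:                      # no baseline: always review
            alerts.add((user, day, "unknown-account"))
            continue
        start, end = profile["hours"]
        if not start <= when.hour < end:         # active at an inappropriate time
            alerts.add((user, day, "off-hours"))
        if country != profile["home"]:           # strange location
            alerts.add((user, day, "unusual-location"))
        per_day[(user, day)] += 1
    for (user, day), count in per_day.items():   # sudden, substantial increase
        if count > spike_factor * profiles[user]["daily_avg"]:
            alerts.add((user, day, "activity-spike"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in flag_logins(EVENTS, PROFILES):
        print(*alert)
```

Each alert is a prompt for follow-up, such as the call to the account holder described above, rather than proof of a compromise.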

Increased Server or Network Demands

Sudden stress on your server or network could indicate hidden programs are running. Increases in HTML response sizes, database read volume, and outgoing data are all signs that someone is siphoning information from your system. Make sure all sudden increases are explained by actual business activity. Similar signs of trouble include a large number of queries for the same file and information existing in the wrong place.

Unexplained User Profile Changes

Unexplained changes in user profiles, especially regarding how an employee accesses the system, can be cause for suspicion of a data compromise. Mobile devices are especially susceptible to hackers, so organizations should audit devices with network access on a regular basis and ensure the profiles and setup haven't been changed from enterprise defaults.

Lastly, if you have any paper with sensitive information, it should be professionally shredded. Ensure that employees have locked document bins or consoles to store paper awaiting shredding. What other telltale signs would you add to this list?