"Spam Surge": How CleverControl Uncovered Customer Database Theft

Spam. For our client, a small but growing online retailer specializing in handcrafted home decor and custom gifts, this four-letter word threatened their whole brand. The company took pride in its loyal customer base and personalized approach to every client.
At some point, the online shop started receiving customer complaints about getting spam emails and phone calls. The spam often referenced their past purchases from the retailer. Understandably, the customers were angry and concerned about how their contact details had leaked.
The company initially suspected a general data breach or server vulnerability; however, nothing suspicious was found during extended security checks. The CEO's next guess was an insider threat, since the data leak seemed targeted and specific to customer information. Someone within the company with access to the customer database could be responsible for the incident.
The Solution
Facing a potential PR crisis and loss of customer trust, the CEO decided to use employee monitoring software to track employees' work activity. After researching solutions focused on user activity monitoring and data protection, she chose CleverControl for its extensive monitoring capabilities that could help in insider threat detection.
Key CleverControl features used by the company included:
- Live Viewing: viewing employees' screens in real time could help catch the culprit red-handed.
- Screen recordings: these recordings allowed a quick review of each employee's workday, which could reveal suspicious activity.
- Screenshots: since the software takes screenshots when the user switches windows, visits a website, or copies something to the clipboard, it was highly probable that the moment of data theft would be captured. Besides, screenshots offered a quicker overview of the employee's day than screen recordings.
- Application & website monitoring: tracking these could help understand employees' workflow and reveal if someone was using unauthorized file-sharing services or email clients.
- External storage devices monitoring: the company needed to know if anyone copied the customer database to a USB drive or other external storage device.
- Email monitoring: in case the database was leaked through email, CleverControl would record the leak.
- Face Recognition: this feature could reveal who got access to office computers, especially those with access to customer databases.
- Video and sound recording in specific office areas with proper notifications: capturing audio near workstations could potentially reveal verbal communications related to data leaks or unauthorized discussions.
The Investigation
The CEO, working with the IT manager, implemented CleverControl on 17 office computers. They checked the employees' activity daily, looking for a potential data leak.
Within a few weeks, they noticed a log of unusual activity on a customer service representative's computer. It was active long past his usual working hours. The CEO and the IT manager focused their investigation on this activity within CleverControl, and here is what they found:
- The external storage tracking log recorded the connection of a USB drive to the representative's workstation.
- Screenshots and screen recordings showed that the user exported a large CSV file from the customer database folder to his desktop. He copied the file to a USB drive shortly after.
When the CEO confronted the customer service representative about that suspicious activity the next day, he denied all charges. The employee insisted that he was at a bar with a few colleagues at the time of the incident, and the colleagues confirmed his words.
Fearing that the problem might be worse than expected, the CEO checked CleverControl's face recognition logs. Luckily, the representative's computer had a webcam, and the feature was enabled on it. CleverControl showed a facial recognition match for a marketing assistant who worked in a different department and had no legitimate reason to use the representative's workstation. The match and the video captured from the webcam confirmed that the assistant was using the computer at the time of the incident. Further investigation of activity from the assistant's computer showed that she had been browsing job posting websites during work hours in the days leading up to the file export. She seemed to be looking specifically at roles in competing online retail businesses.
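The correlation this investigation relied on (after-hours activity, a USB connection, and a large CSV export copied to that drive on the same workstation) can be expressed as a small detection rule. This is an added example, not CleverControl code or output; the log format, host and account names, office hours and thresholds are all constructed assumptions.

```python
from datetime import datetime, time, timedelta

# Constructed sample events in a hypothetical format (not a CleverControl export):
# timestamp|host|logged-in account|event|detail
SAMPLE_LOG = r"""
2024-03-12T10:15:02|WS-03|mkt_assist|usb_connect|E:
2024-03-12T10:16:40|WS-03|mkt_assist|file_copy|C:\Users\mkt\banner.png -> E:\banner.png
2024-03-12T21:41:09|WS-07|cs_rep|usb_connect|E:
2024-03-12T21:44:31|WS-07|cs_rep|file_export|C:\Users\cs\Desktop\customers.csv size=48211004
2024-03-12T21:46:02|WS-07|cs_rep|file_copy|C:\Users\cs\Desktop\customers.csv -> E:\customers.csv
2024-03-13T11:02:55|WS-07|cs_rep|file_export|C:\Users\cs\Desktop\ticket_summary.csv size=20480
""".strip()

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed office hours
WINDOW = timedelta(minutes=30)                  # assumed correlation window
MIN_EXPORT_BYTES = 1_000_000                    # assumed "large export" threshold

def parse(log):
    for line in log.splitlines():
        ts, host, account, event, detail = line.split("|", 4)
        yield {"ts": datetime.fromisoformat(ts), "host": host,
               "account": account, "event": event, "detail": detail}

def after_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def find_exfil_chains(log):
    """Flag large after-hours exports later copied to a USB drive on the same host."""
    events = sorted(parse(log), key=lambda e: e["ts"])
    findings = []
    for exp in events:
        if exp["event"] != "file_export" or not after_hours(exp["ts"]):
            continue
        path, _, size = exp["detail"].rpartition(" size=")
        if int(size) < MIN_EXPORT_BYTES:
            continue
        near = [e for e in events if e["host"] == exp["host"]
                and abs(e["ts"] - exp["ts"]) <= WINDOW]
        drives = [e["detail"] for e in near if e["event"] == "usb_connect"]
        for e in near:
            if e["event"] != "file_copy" or e["ts"] <= exp["ts"]:
                continue
            src, _, dst = e["detail"].partition(" -> ")
            if src == path and any(dst.startswith(d) for d in drives):
                # session_account is the logged-in session only; it does not
                # prove who was at the keyboard (an unlocked PC defeats it).
                findings.append({"host": exp["host"], "session_account": exp["account"],
                                 "file": path, "copied": e["ts"].isoformat()})
                break
    return findings
```

A finding names the workstation and the logged-in session, so it needs a second, independent identity signal before it is attributed to a person.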
The Resolution
The data collected by CleverControl revealed an insider threat. The marketing assistant was responsible for stealing the customer database. The file export, USB transfer, after-hours activity, and job searching pointed to a deliberate data theft attempt.
When presented with the detailed file activity logs and USB connection records, the marketing assistant confessed to downloading and copying the customer database. She knew the customer service representative often forgot to lock his computer and seized the opportunity to steal sensitive data. The assistant had done it a few months earlier and intended to sell an updated database to a competitor to supplement her income as she was looking for a new job.
The marketing assistant's contract was terminated immediately, and the company started exploring options for legal action against her. The company also notified affected customers about a potential data leak and explained what they had done to secure data and prevent future incidents. They also offered complimentary bonuses to affected customers as a goodwill gesture.
The CEO also implemented stricter access controls to the customer database, multi-factor authentication, and enhanced employee training on data security and ethical responsibilities.
Conclusion
CleverControl played a vital role in insider threat detection in this case. It provided the evidence needed to quickly identify the data thief, mitigate the damage, and prevent future incidents. This case also shows that relying solely on file logs or activity tracking can be misleading. Face Recognition served as an extra identification layer and helped identify the actual user who committed the theft. CleverControl proved invaluable not just for security monitoring but also for ensuring fairness and accuracy in internal investigations.