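Spam. For our client, a small but growing online retailer specializing in handcrafted home decor and personalized gifts, this four-letter word threatened their entire brand. The company prided itself on its loyal customer base and its personalized service for every customer.
Later, the online store began receiving complaints from customers about spam emails and phone calls. The spam often referenced items they had previously purchased from the retailer. Understandably, customers were angry and worried that their contact details had leaked.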
The company initially suspected a general data breach or server vulnerability; however, nothing suspicious was found during extended security checks. The CEO's next guess was an insider threat, since the data leak seemed targeted and specific to customer information. Someone within the company with access to the customer database could be responsible for the incident.
Solution
Facing a potential PR crisis and loss of customer trust, the CEO decided to use employee monitoring software to track employees' work activity. After researching solutions focused on user activity monitoring and data protection, she chose CleverControl for its extensive monitoring capabilities that could help in insider threat detection.
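The main CleverControl features the company used included:
- Live viewing: the ability to view employees' screens in real time could help catch the culprit red-handed.
- Screen recording: these recordings allowed a quick review of each employee's workday, which could reveal suspicious activity.
- Screenshots: since the software takes screenshots when the user switches windows, visits a website, or copies something to the clipboard, it was highly probable that the moment of data theft would be captured. Besides, screenshots offered a quicker overview of the employee's day than screen recordings.
- Application and website monitoring: tracking these could help understand employees' workflow and reveal if someone was using unauthorized file-sharing services or email clients.
- External storage device monitoring: the company needed to know whether anyone had copied the customer database to a USB drive or other external storage device.
- Email monitoring: if the database was leaked by email, CleverControl would record the leak.
- Face recognition: this feature could reveal who was accessing the office computers, especially those that could reach the customer database.
- Video and audio recording of specific office areas, with appropriate notification: capturing audio near workstations could reveal verbal exchanges related to the data leak or unauthorized discussions.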
Investigation
The CEO, working with the IT manager, implemented CleverControl on 17 office computers. They checked the employees' activity daily, looking for a potential data leak.
In a few weeks, they noticed a log of unusual activity on a customer service representative's computer. It was active long past his usual working hours. The CEO and the IT manager focused their investigation on this activity within CleverControl, and here is what they found:
- The external storage tracking log recorded the connection of a USB drive to the representative's workstation.
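- Screenshots and screen recordings showed that the user exported a large CSV file from the customer database folder to the desktop. Shortly afterwards, he copied the file to the USB drive.
The next day, when the CEO confronted the customer service representative about this suspicious activity, he denied all allegations. The employee insisted that he had been at a bar with several colleagues at the time of the incident, and the colleagues confirmed his account.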
Fearing that the problem might be worse than expected, the CEO checked CleverControl's face recognition logs. Luckily, the representative's computer had a webcam, and the feature was enabled on it. CleverControl showed a facial recognition match for a marketing assistant who worked in a different department and had no legitimate reason to use the representative's workstation. The match and the video captured from the webcam confirmed that the assistant was using the computer at the time of the incident. Further investigation of activity from the assistant's computer showed that she had been browsing job posting websites during work hours in the days leading up to the file export. She seemed to look at roles in competing online retail businesses specifically.
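Resolution
The data collected by CleverControl detected the insider threat. The marketing assistant was responsible for stealing the customer database. The file export, the USB transfer, the after-hours activity, and the job search all pointed to a deliberate data theft.
When shown the detailed file activity logs and USB connection records, the marketing assistant admitted to downloading and copying the customer database. She knew that the customer service representative often forgot to lock his computer and seized the opportunity to steal the sensitive data. The assistant had done this a few months earlier and intended to sell the updated database to a competitor to supplement her income while she looked for a new job.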
The marketing assistant's contract was terminated immediately, and the company started exploring options for legal action against her. The company also notified affected customers about a potential data leak and explained what they had done to secure data and prevent future incidents. They also offered complimentary bonuses for affected customers as a goodwill gesture.
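The CEO also implemented stricter access controls and multi-factor authentication for the customer database, and strengthened employee training on data security and ethical responsibility.
Conclusion
In this case, CleverControl played a crucial role in insider threat detection. It provided the evidence needed to quickly identify the data thief and to act swiftly to mitigate the damage and prevent future incidents. The case also highlights that relying on file logs or activity tracking alone can be misleading. Face recognition, as an additional layer of identification, helped identify the real user who committed the theft. CleverControl proved valuable not only for security monitoring but also for ensuring the fairness and accuracy of the internal investigation.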




