Data Thieves primarily have one or more of three reasons for doing what they do:

ECONOMIC
(Espionage)

POLITICAL
(Sabotage)

UNAUTHORISED ACCESS (Vandalism)

They can sell or use your data for personal enrichment.

They may be a sales director or rep. keen to impress their new employer or could they be setting up on their own and need the data.

They could even be a sleeper in your organisation, dipping into your databases over time on a covert basis, and as tasty morsels of information come along, passing it onto your competitors.

They intend to use the data to further a cause, real or imagined, that could be gnawing away at them.

Examples might include staff members harbouring a grudge who might think the release of sensitive or confidential data about your company could even the score a bit.

Research Labs, political parties and defence establishments are also targets for these people, using what could be either innocuous or incriminating data or documents for their own purposes.

This is the "If I can't have it neither will you/ I wonder what's in here?" types on one hand, and the hackers and virus writers on the other.

Their intention is to snoop and browse as much as they can, poking their noses into things they don't need to see.

Knowledge is power to these folks and they often get perverse pleasure from corrupting, subtly changing, or destroying data and documents.

Tackle this in at least 3 ways:

1: Make sure staff or contractors cannot get their hands on the data by denying access to the server or ports on workstations using LOKBOXX safes or cabinets.

2: Ensure you have the right wording in your Contracts of Employment that forbids removal of data and documents and for contractors, make them sign a Confidentiality Agreement that includes electronic data. Ensure your policies permit monitoring of workstations covertly.

3: If a staff member is believed to be disenchanted and looking around for another job, keep changing their Win NT/2k passwords, limit their time on the network and consider covert monitoring software.

Tackle this in at least 3 ways:

1: Make sure staff or contractors cannot get their hands on the data by denying access to the server or ports on workstations using LOKBOXX safes or cabinets.

2: Ensure that sensitive computers (servers and workstations) have their data fully encrypted and there is either an access control device fitted to the PC (Compblock or Biometrics) or the room is kept secure and under access control.

3: Ensure that temporary staff have only limited rights on the network and all workstations are logged off after say, 5.30pm. Only allow trusted staff to access key systems out of working hours.

Tackle this in at least 3 ways:

1: Make sure staff or contractors cannot get their hands on the data by denying access to the server or ports on workstations using LOKBOXX safes or cabinets.

2: Ensure you backup and archive your more valuable and sensitive data to ensure corruption, data loss or alteration. And keep the backups well away from the server.

3:Also consider moving away from a Win95/98 peer to peer network if you can, Windows NT or 2K offers appreciably better security.