Insider Threat Analyst Files: Research from the Field
2/1/2019: California State DOR Data Breach Analysis and Guidance
This week, the State of California Health and Human Services Agency Department of Rehabilitation posted a data breach notification letter on the California Attorney General’s breach reporting website.
According to the notice in the “What Happened” section:
On Wednesday, January 9, 2019, a spreadsheet containing employees’ classification information and Social Security numbers was saved to a folder on the internal G drive, to which only DOR employees have access. On Monday, January 14, 2019, a DOR employee accessed the spreadsheet in the regular course of business and promptly reported that the file included Social Security numbers. Immediately upon notification, the spreadsheet was deleted and access to the folder on the G drive was restricted.
Details are slight, as they often are in these notification letters, because reports are frequently filed before all details are known. Organizations are expected to alert impacted parties as soon as possible. Dtex finds this notice to be worth analysis,
- Remain challenged when it comes to protecting data and privacy
- Have a human negligence problem that causes data to be improperly stored and shared
- Lack the visibility needed to truly understand how much risk is present in their networks and whether or not an actual breach has occurred
- Have deficiencies when it comes to understanding who has access to what
- May be improperly storing personally identifiable information like Social Security numbers
- May not have adequate and compliant data classification capabilities
- Can depend on educated employees to identify data security incidents
Dtex frequently helps its public and private sector customers to detect negligent activities that lead to unauthorized data exposures. We offer the following advice to any organization that needs to restrict access to data and storage drives:
- Security awareness and training: Make sure your trusted insiders are aware of how to secure data and information within the organization and in the cloud; they need to know how to use security features and controls
- User behavior intelligence: Have a technology layer in place that detects and alerts on when and how users are accessing and sharing high-risk data, and which can provide more concrete proof as to the degree of severity of a breach
- Clear policies: Ensure that your employees and others who have access to information know when, where, and how information should be stored, shared, and accessed
- Data classification and audit: Deploy technology that can be used to audit and classify data with regard to its sensitivity and compliance status
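As an illustration of the data classification and audit point, the following added example (not Dtex's product and not taken from the DOR notice) walks a shared folder and flags spreadsheet exports that hold Social Security number patterns. It assumes the files are CSV exports; the function names, folder layout and sample values are constructed for the example.

```python
import csv
import re
import tempfile
from pathlib import Path

# SSN-shaped values: 3-2-4 digits, hyphen/space separated or run together.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Structural SSN rules, used to cut false positives."""
    bad_area = area in ("000", "666") or area.startswith("9")
    return not bad_area and group != "00" and serial != "0000"

def scan_csv(path):
    """Return {column name: hit count} for SSN-like values in one CSV."""
    hits = {}
    with open(path, newline="", encoding="utf-8", errors="replace") as fh:
        reader = csv.reader(fh)
        header = next(reader, [])
        for row in reader:
            for idx, cell in enumerate(row):
                col = header[idx] if idx < len(header) else f"col{idx}"
                n = sum(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(cell))
                if n:
                    hits[col] = hits.get(col, 0) + n
    return hits

def audit_share(root):
    """Walk a shared folder; report each CSV that holds SSN-like data."""
    root = Path(root)
    found = {}
    for path in sorted(root.rglob("*.csv")):
        hits = scan_csv(path)
        if hits:
            found[path.relative_to(root).as_posix()] = hits
    return found

def demo():
    """Run the audit over a constructed two-file share (all values fake)."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "HR").mkdir()
        Path(tmp, "HR", "classifications.csv").write_text(
            "name,classification,id\n"
            "A. Example,Analyst,123-45-6789\n"
            "B. Example,Counselor,078051120\n"
            "C. Example,Manager,000-12-3456\n", encoding="utf-8")
        Path(tmp, "phones.csv").write_text(
            "name,phone\nA. Example,916-555-0100\n", encoding="utf-8")
        return audit_share(tmp)
```

The scan reports a file and column even when the header gives no hint that the column holds Social Security numbers. Unseparated nine-digit values can be other identifiers, so hits are candidates for review rather than confirmed exposures.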
In this case, it appears as if, at the least, the state may have engaged employees with effective training. The letter does state that it was an employee who notified the department of the issue with the data in question.
For more information on the frequency of negligence trends, read the Dtex 2018 Insider Threat Intelligence Report. For more information about how the Dtex Advanced User Behavior Intelligence Platform can help, read The Dtex User Behavior Intelligence Platform Overview.