Heathrow Airport launched an investigation last week after a USB stick was found on the streets. What seemed like harmless negligence was actually a huge breach of data. The USB stick had 76 folders with private data including videos, audio and maps to the airport location. The device had a total of 174 documents, and it shows how simple, unintentional employee negligence can lead to a multi-million dollar investigation to determine the cause of the breach and any security affected.
The numerous documents contained various information such as security measures to protect the queen, IDs required to access secure areas, and the location of Heathrow’s CCTV cameras. The information was designated as restricted and confidential, but none of it was encrypted or password protected. Anyone who had picked up the USB device could have accessed the information.
Many organizations have USB policies. They either excluded them altogether from a machine’s hardware, or they disable them from the BIOS and security policies on the network. However, many high level executives are excluded from these restrictions, because they need to be able to travel with documents and quickly save and move them from computer to computer.
However, negligence of this type can be devastating to any organization. Heathrow’s security was at risk from what seemed like an employee who copied information from the network and accidentally dropped it on the street. This left the organization open to attackers had the wrong person picked up the USB.
Although Heathrow has said that its security is intact, it still has to investigate how the USB device was able to land in the street and who is responsible. Most security guidelines require audit records that log an incident when an employee accesses them, but it’s unsure if Heathrow has these measures in place.
With the right auditing and monitoring, the organization can avoid costly insider threats either by blocking data or sending an alert to an administrator to let them know that suspicious activity is occurring on the network. Between monitoring and auditing, the organization saves money during investigations and can even stop a costly insider threat from being successful.
It’s unknown what impact the leaked USB will cost Heathrow, but had the right monitoring been in place, it’s possible that the data would not have been copied to the device. Monitoring is key to avoid stolen data due to insider threats.