The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP, CIPP/US is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

She wanted to conduct her own investigation…. (long sigh)

See Article Here

An employee decided, in 2013, to install a keylogger program to investigate whether one of her co-workers was looking at porn. News Flash..... there are more people looking at porn on the company network than you think! Trust me, I KNOW! However, you have now exposed over 258,000 records containing personally identifiable information (PII), personal health information (PHI) and tax information of your co-workers. I would like to know, did you find anything? Now you may go to jail and the person looking at the porn (as long as it is not child porn) will be at work tomorrow.

How do we characterize this particular insider threat scenario?? She knew enough to install a keylogger, maybe forgot the program was even there, it doesn't appear that she used the information for malicious purposes, i.e. identity theft. Hum??? Let's call it the nosy co-worker insider? Just someone else that needs to be defended against!