Wet Your Pants & Suck Your Thumb

by Rob Fitzgerald

IT’S OFFICIAL!  Thumbsucking, podslurping, and sneaker-grabbing have become everyday lexicon in IT departments.  And if you don’t know what these terms mean, this is for you! 

All of these terms describe ways employees are walking out the door with confidential information.  Thumbsucking uses USB Thumb drives to copy data allowing for information transfer at a later date.  A typical example of a “Thumbsucker” is the employee that is always using thumbdrives to carry information around.  Worse are the “Thumbsuckers” that continually ask for new thumbdrives or often lose them. 

The ever present iPods are excellent cover for listening to music while copying anything from contact lists to document files…. all at the click of a button.  “Podslurpers” are funny.  They want to be able to download and listen to music on their iPod.  They simply connect their iPod to the work computer and work away… at downloading your data.  It appears they are working and enjoying some tunes, however, that may not be the case!  An iPod can hold up to 360GB of data, and any type of data – songs, pictures, spreadsheets, CAD drawings, you name it.

Amazingly, even good old fashion “sneaker-grabbing” corporate theft is on the rise.  “Sneaker-grabbing” refers to the age-old art of printing out confidential documents and walking them out of the building.  Unless you have a print server that logs activity, you may never know how much info someone has taken. 

Knowledge-based workers can drive companies to success.  If you are not managing and protecting your corporate knowledge, you risk losing a competitive advantage, potential patents, prospective partners, and your business.  Employees are the number 1 conduit of confidential information leaks.

For Organizations - Things You Can Do TODAY:

1)      Review corporate policies regarding confidential information, data storage, and data access.

2)      Inform employees of your policies.  Require them to sign appropriate non-disclosure agreements.  Strictly police and enforce your policies.

3)      Asset tag equipment – including USB Thumbdrives. 

4)      Only allow company-owned equipment on your network – NO EXCEPTIONS!

5)      Install network monitoring tools to identify abnormal user patterns.

6)      Consult with legal counsel to discuss options for better protecting your data as you grow.

These basic steps can protect you, your company, and your employees AND allows the company to focus on important things like generating revenue and servicing customers.

For Attorneys - Why This Is Important to Litigation & eDiscovery:

Thumbsuckers, Podslurpers, and Sneaker-grabbers exist in every organization.  The trick is to figure out whom they are AND if they are relevant to the litigation.  When initiating Litigation Hold notices to opposing parties, make sure to CLEARLY state that all files should be preserved – including registry files and network monitoring logs.  Often opposing parties will preserve only what THEY think is relevant.  If counsel doesn’t know to ask for network activity logs and registry info, critical data can with-held or lost. 

Many times we have seen attorneys realize too late (at the end of the discovery process) that Intellectual Property, customer lists, financial data, or other information was taken by the opposing party; however the attorney only requested from opposing counsel emails and document folders making the evidence of how the data was taken unavailable.  Don’t let this be you.