A colleague of mine forwarded a story with this idea about how to catch insiders that steal or sell corporate data.
The basis of the suggestion is to use partially masked identity data of friends and family as a sort of data theft "honey pot." It reminds me of my college days when friends of mine would sign up for mail order catalogs under the names of their favorite Dallas Cowboys.
That always struck me as clever and funny, but I feel this idea is misguided. Furthermore, the underlying tone of using your family as "bait" is a bit disturbing.
The reason it won't work is that once the data is gone and the fake contacts are getting communications, there's no way to tell which insider leaked it. In short, it doesn't do anything but let you know that you've been compromised.
In some cases, this would be pretty valuable. Many businesses lose data and don't know it for months, even years. TJX is the poster child for this situation.
A better solution is one that can tell you who accessed data and when, even if they are insiders. That way you don't need to spend time "persuading the miscreant to cough quickly;" you already know whodunnit.
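To make the contrast concrete, here is an added sketch (not from the forwarded story or any product) of what a per-user access trail allows once a leak surfaces: it lists the users who read every leaked record before the detection time, with their first and last read. The log layout, user names, record IDs and the `candidates` helper are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit log: (user, record_id, ISO timestamp of the read).
AUDIT_LOG = [
    ("alice", "c-1001", "2024-03-01T09:12:00"),
    ("alice", "c-1002", "2024-03-01T09:13:00"),
    ("bob",   "c-1001", "2024-03-02T14:00:00"),
    ("bob",   "c-1002", "2024-03-02T14:00:05"),
    ("bob",   "c-1003", "2024-03-02T14:00:09"),
    ("bob",   "c-9999", "2024-03-02T14:00:11"),  # c-9999 is the planted decoy
    ("carol", "c-1003", "2024-03-03T11:30:00"),
    ("carol", "c-9999", "2024-03-09T08:00:00"),  # read after the leak surfaced
]

def candidates(log, leaked_ids, detected_at):
    """Users who read every leaked record before detected_at.

    Returns {user: (first_read, last_read)} as datetime objects.
    """
    leaked = set(leaked_ids)
    cutoff = datetime.fromisoformat(detected_at)
    reads = defaultdict(dict)  # user -> {record_id: earliest read time}
    for user, rec, ts in log:
        when = datetime.fromisoformat(ts)
        if rec not in leaked or when >= cutoff:
            continue  # not part of the leak, or too late to have caused it
        prev = reads[user].get(rec)
        if prev is None or when < prev:
            reads[user][rec] = when
    return {
        user: (min(seen.values()), max(seen.values()))
        for user, seen in reads.items()
        if set(seen) == leaked  # full coverage of the leaked set only
    }

if __name__ == "__main__":
    leaked = {"c-1001", "c-1002", "c-1003", "c-9999"}
    for user, (first, last) in candidates(AUDIT_LOG, leaked, "2024-03-05T00:00:00").items():
        print(f"{user}: read all leaked records between {first} and {last}")
```

The decoy record only tells you when to start looking; the who and when come from the access trail.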








