Companies beware: Next big leak could be yours

And as WikiLeaks claims it has incriminating documents from a major US bank,possibly Bank of America,theres new urgency to addressing information security inside corporations and a reminder of its limits when confronted with a determined insider.

At risk are companies innermost secrets e-mails,documents,databases and internal websites that are thought locked to the outside world. Companies create records of every decision they make,whether its rolling out new products,pursuing acquisitions,fighting legislation,foiling rivals or allowing executives to sell stock. Although its easy technologically to limit who in a company sees specific types of information,many companies leave access far too open. And despite the best of intentions,mistakes happen and settings can become inadvertently broad,especially as networks grow more complex with reorganisations and acquisitions.

And even when security technology is doing its job,its a poor match if someone with legitimate access decides to go rogue.

With the right access,a cheap thumb drive and a vendetta are the only ingredients an insider needs to obtain and leak secrets. By contrast,outside attackers often have to compromise personal computers at the bottom of the food chain,then use their skills and guile in hopes of working their way up.

Employees go rogue all the time for ego,to expose hypocrisy,to exact revenge or simply for greed. A former analyst with mortgage lender Countrywide Financial Corp,now owned by Bank of America,is awaiting trial on charges he downloaded data on potentially 2 million customers over two years,charging 500 for each batch of 20,000 profiles. Prosecutors say the analyst worked secretly on Sundays,using an unsecured Countrywide computer that allowed downloads to personal thumb drives. Other home loan companies bought the customer profiles,including Social Security numbers,for new sales leads,according to authorities.