Increasing Defenses against Data Theft in the Innovation and Engineering Technology Workplace

This paper presents several offerings of relatively easy to implement and low-cost solutions to increase a company’s defenses against theft of data learned from firsthand experience in the engineering and technology field(s). My goal of this paper, is to leverage this firsthand experience to eliminate several potential data extraction points that have stood out to me in day to day operations of both large corporations and military. In today’s major innovation technology workplaces, the prevention of data theft is paramount. Having worked in both the military and civilian C4I (Command, Control, Communications, Computers and Intelligence) fields, I have both first and secondhand experience in malicious phishing attempts and data theft. Phishing attempts have come mainly in the form of emails, but lately have also come in the form of voice phishing (vishing) robocalls (recorded message). Data theft has plagued the technology and military fields as well, bringing possible grave danger to our national security from both insider and external threats. These institutions are high value targets, for both monetary gain and to cause damage to our national security. Though full protection is never guaranteed, using training to increase personnel’s situational awareness, changing rules on how data is saved and accessed, the odds of protecting one’s intellectual property and national security increases. Through my personal experience and research, I am offering several relatively easy to implement and low-cost solutions to these issues. Spear phishing is a targeted attack through email that may be a subject of interest to the recipient, or from what looks like a known sender. Spear phishing email is a common tactic used by cyber spies with the intent to steal employee logon credentials (Stallings), and ultimately steal company sensitive information. This attack cannot be stopped completely, but a solution many companies in aerospace are looking to is training to raise the awareness level of their employees. This training can be accomplished through live instruction, online interactive lessons, as well as my preferred real world simulated phishing attacks. Vishing/robocall attacks have seen an increase recently in the form of a mass influx of robocall(s) (Figiola, 2018). Vishing shares a similar solution as email phishing, with the addition of phone reporting for blocking purposes. Solutions are offered for vishing via third party free and paid blocking services. Data theft is an always present issue for both the aerospace/technology industry, as well as the United States military. There have been instances of data theft in the aerospace industry that have led to the compromising of national security, such as the case of Noshir Gowadia selling trade secrets to China (United States v. Gowadia, 2010). An example of espionage in the military from data theft came from Chelsea Manning, who was able to leak stolen information to WikiLeaks. Data theft can be prevented and in the case of Chelsea Manning, could have been avoided by control of media leaving classified work space (Stallings). Both are examples of the how both civilian and military data theft can cause grave danger to our national security, while causing damage to the institute’s reputation. Rules governing the handling of data need to be in place to reduce attack plane, which can be done through USB drive accountability, blocking data extraction points from machines and blocking internet email sites. Even the largest C4I corporations have potential holes that can be addressed relatively quickly, my goal is to successfully address a few of these and make an impact in my field.