If you can't use encryption enforcement to protect data, at least prevent employees from bringing, using, and leaving with unauthorized removable media. Most employers are far too casual about permitting the use of USB thumb drives. Employees should not be bring in or leave with writeable CD-ROMs or USB hard drives. It happens all the time, but it leads to the introduction of malware, including the Stuxnet worm, and the removal of confidential data.
Ultimately, WikiLeaks-type attacks are difficult to prevent. Determined malicious hackers can almost always get inside their intended target to steal data using the credentials of others. Trusted insiders are even harder to stop. Notably, based on the various FBI digital crime reports I've read, many trusted insiders caught stealing data had made earlier threats to damage a company. They were known to be disgruntled employees.
Train leaders and coworkers to look out for signs of angry employees with an ax to grind and access to confidential data. If employees make what appear to be merely empty threats, take them seriously anyway. Remove the users' access to the protected data until they can prove they're trustworthy again. If nothing else, increase monitoring to make sure they aren't making unauthorized downloads of large data sets.
I'm sure many readers will take me to task for suggesting that every frustrated employee be treated as a criminal -- heck, I've been a frustrated employee more than once. However, if you want to make sure your organization doesn't end up as the next WikiLeaks target, caution pays dividends in this new pain point in the digital world.
Therein lies the frustration of this whole situation: Much of what I have written here goes against everything I believe in, such as monitoring suspected employees, preventing the casual use of removable media, and reporting frustrated coworkers -- so I sit hear confused as ever. Readers, let me know what other, better solutions you have.
This story, "Stopping the next WikiLeaks," was originally published at InfoWorld.com. Follow the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.