Home arrow Articles arrow Pune Source Code Case – Lessons for Outsourcing firms
Wednesday, 08 February 2012
Pune Source Code Case – Lessons for Outsourcing firms PDF Print E-mail
In this incident which again brought to light that the human element is the weakest link in a company’s security armour, a former employee of a Pune based software firm was arrested for allegedly sharing confidential source code with her husband and others. 

 

Employees of IT/ITES companies handle confidential information ranging from financial details to expensive source code. As part of most outsourcing deals companies have to sign NDAs with their clients whereby they have to protect the data of the clients transferred to them as part of the outsourced job.  The outsourcing companies can run into major trouble which could threaten their very survival if this information is leaked and their clients sue them. 

IT companies should have a strong information security policy as well as a legal framework in place to secure itself against data thefts. 

Information Security:

IT companies should have a secure network complete with firewall, anti-spyware and ant-virus mechanisms to guard itself against threats from outside.  But often the threat is more from inside than from outside and this is what companies often ignore.   Perpetrators of information theft often resort to social engineering methods than hacking to gain access to confidential information.  The employees of these firms could be targeted with the lure of money or friendship with the opposite sex.  The companies should opt for employee surveillance measures like monitoring of emails and IMs to be informed of any possible information theft.  Cyber criminals often target smaller companies which handle confidential. Thus it will be easier to gain confidential information from a law firm handling the work of a banking corporation than from the bank itself as the security measures in place will be less stringent.

Legal Framework

Outsourcing companies should have a NDA signed by all its employees who handle confidential information.  A strong and valid NDA will be a deterrent for any employee against committing acts of information theft.  Also companies should have provisions for employee surveillance included in their employee agreements to ward them against such mischief.

Apart from these companies should educate their employees regarding the importance of keeping the confidentiality of the information that they handle.  Frequent training sessions of employees covering these aspects is a must for any company in the outsourcing industry. 

 
Next >
[ Back ]