Thanks to Web filtering, one IT manager discovered that an employee was running a side business selling items on eBay while on the clock. Keeping tabs on an online auction during working hours is hardly unique, but this particular employee happened to be selling office items stolen from the company warehouse.
"We thought it was kind of ingenious," Eric Lundbohm, vice president of marketing for Orange, Calif.-based 8e6 Technologies Inc., said sarcastically. His company has released results of a survey conducted during February's RSA Security Conference. The winners for best anecdotes were released this week.
"People running eBay businesses, in general, were among the most widely referenced examples," explained Paul Myer, the company's president and COO. "What made this unique [was] there was inventory taken out of the warehouse that was being sold out of his eBay store."
Another noteworthy instance involved employees who reconfigured a company server for internal office pools and then parlayed that success into a full-scale gambling site -- all done within the network's firewall.
"It really stretches the imagination to see what people have come up with," Myer said. He noted one particularly disturbing instance when an employee strategically set up a webcam in the next cubicle to spy on a co-worker while working from home.
All of these instances point to more than employee gumption. In addition to sucking up productivity and bandwidth, they pose legal and security risks.
"The days are over when it's sufficient for a security professional to keep bad guys out of your network," Myer said. "These threats are not perimeter-based; they bypass security because they are initiated by users."
The company, named for the phrase to "86" someone by tossing them out of a place, serves a number of customers in the education field, which Myer said provides a great test bed for risky or malicious insider behavior. "These customers deal with some very creative users with a lot of time and a lot of curiosity," he added.
During the last nine months, the company's seen an upswing in misuse of anonymization tools to mask Web surfers. In response, 8e6 has built into its URL library the ability to block open source and publicly available proxy software at the packet level.
"Employees probably feel the internet is an unlimited resource, and it's a victimless crime to misuse it a bit," Lundbohm said. "And the challenge for the security professional is to separate the wheat from the chaff."