Maintaining control over access to and the distribution of confidential data is an important part of a business' efforts to remain competitive. For this reason, much effort may be expended by a company in preventing a breach of its policies relating to data security. For example, trade secrets such as customer or prospective customer lists (which may include sales data, projections, etc.) have significant competitive value. They represent the result of many hours of effort to develop leads and establish business relationships. For this reason, employees with access to such data are in a position to significantly harm their employer should they decide to copy that information and provide it to a competitor.
While improper, such unauthorized copying and transfer of confidential data occurs because the data has significant economic value. Such actions may sometimes be done as part of obtaining a new job and/or increased compensation (such as by selling the data without changing jobs). As a result, the ability of an employee to access and copy such data may create an incentive for the employee to offer it to another company. The other company may be interested because having the list saves a competitor effort in developing their own customer relationships, and hopefully increases sales. It also provides them with a way to directly harm the rightful owner of the list by displacing the owner's sales to a customer. Typically, if such data is stolen, each person or entity on the customer or contact list may be contacted and solicited for business by the company in possession of the data. This may lead to new business and an opportunity to disparage the business of the original owner of the data.
Because of the significant economic value represented by trade secrets and other forms of confidential information, a company may invest a significant amount of resources in developing and enforcing data security programs for employees, vendors, and others with whom it may do business. Such programs may include ways of tracking data in an effort to determine if data has been stolen and transferred to an entity that is not entitled to have access to the data.
One method that has been developed to determine whether data has been obtained improperly is the use of what is termed a “honey token” (or honeytoken). A honey token is a name given to a set of techniques that may be used to identify when a person is in possession of information that they are not authorized to have. In some cases, a honey token may be used to alert the rightful owner of a set of data that it has been stolen, and to identify the unauthorized user. One example of a honey token is that of fake but apparently meaningful data that is inserted into a set of actual data. In this scenario the honey token represents a recognizable data string that can be distinguished from actual data by the proper owner of the data. Presumably, if such a token is discovered in a data set, it may be used to trace the origin of the data and determine the rightful owner, or provide proof that a person presently in possession of the data set obtained it in an improper manner. A honey token may also be inserted into a set of data with the goal of triggering an action by the unauthorized possessor of the data (such as the sending of an email). This may provide an indication to the actual owner that the data set has been stolen, and also the identity of the party now (wrongfully) in possession of the data.
However, currently known methods of using a honey token do not permit determining who specifically was responsible for the breach in data security, for example the employee who improperly copied and transferred the data. This information may be important in determining how access occurred, and confirming that the data was in fact misappropriated. Furthermore, if the person who was responsible for improperly transferring the data to another party becomes employed by or receives compensation from that party, then being able to positively identify that person may be necessary in order to hold them and their new employer accountable for the damage they caused to the rightful owner of the data (such as by filing a lawsuit seeking damages for misappropriation of trade secrets, unlawful competition, unfair business practices, receiving stolen property, or the like).
Conventional approaches to enhancing the security of confidential data do not provide an efficient way to trace the identity of a person who improperly accessed and/or transferred the data to a competitor. Embodiments of the invention are directed toward solving these and other problems individually and collectively.