The analyst had uncovered an instant-messaging chat between one of our employees and someone from outside the company. The chat rather baldly outlined a conspiracy between the two men to assault a third man that our employee suspected was having an affair with his wife. In that conversation, our employee discussed a plan to use his wife's cellphone to text the man and persuade him to visit a park for what he thought would be a meeting with the employee's wife. At the appointed time and place, the two conspirators would attack him.
The discussion was incredibly detailed and incriminating: They talked about the type of weapon that would be best for the attack, their alibis and even the best way to wash blood off clothing and hands.
I printed out a transcript, along with information about the employee, and met with our legal department and human resources. HR's impulse was to give the employee the benefit of doubt, but our general counsel, concerned that we could be charged with negligence if an assault occurred, disagreed and said we needed to contact law enforcement immediately. I then told the employee's manager to confiscate his laptop until the matter is resolved.
I checked in the other day to find out what is happening and learned that the police investigation is ongoing and that HR has put the employee on administrative leave. There is still a chance that the entire thing was a hoax, but the incident nonetheless provides further justification for our investment in DLP.
All in all, though, I'd be happier with other sorts of justification for such a valuable initiative.
This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.
Join in the discussions about security! Computerworld.com/blogs/security
Read more about security in Computerworld's Security Topic Center.