
Toll Suspects USBs Carried Protected Information to a Competitor


According to IT News, transport giant Toll has received permission to inspect the contents of 8 USB devices it suspects an ex-employee used to illegally copy its intellectual property.

Currently locked in a legal stoush with the former National Sales Manager for subsidiary NQX, Toll alleges that, in the days immediately before his departure, the employee used non-Toll-owned USB devices in his company-issued laptop, as well as certain shortcuts that could indicate the copying of information to those USBs. After leaving Toll, the employee took up a position with Followmont Transport, and there is evidence that some clients of Toll began using Followmont’s services after his appointment.

Regardless of how the issue plays out, it raises the question: how could it have been prevented? Here are three potential solutions.

  1. There’s an argument that any company is vulnerable if the right employee, with the right access, chooses to do it harm. In that circumstance, encrypting all the company’s data so that it would be unusable if removed from the premises might have been an appropriate solution. But that adds a layer of impracticality and file latency overhead that most employees see as productivity-draining. (Still, in the era of mandatory data breach notifications, it might be something you want to consider.)
  2. Toll could have locked down the transport layer (pardon the pun), blocking access to any USB key that did not “have permission” to be part of the network. The employee may then simply have used a USB key that belonged to Toll, but the exfiltration process would have been more difficult, especially if the USB keys were configured to work only in Toll-owned PCs.
  3. Although nascent in its development, there’s a new branch of behaviour-monitoring software that establishes a baseline of employee activity on your network and can alert you to events that fall significantly outside the norm.  In this particular case, the employee accessed his PC with a non-Toll USB key three times on the day before his resignation.  That event would have registered as unusual and could have been flagged for follow-up by the IT department.
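
The baseline check described in option 3, combined with the device allowlist from option 2, as an added example that is not from the original article or from any product. The log format, user names, serial numbers and thresholds are constructed assumptions, and only days with USB activity enter each user's baseline.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed data: serials of company-issued USB keys (hypothetical values).
CORPORATE_SERIALS = {"CORP-0001", "CORP-0002"}

# Constructed USB mount events, one per line: "date user device-serial".
SAMPLE_LOG = """\
2024-03-04 jdoe CORP-0001
2024-03-05 jdoe CORP-0001
2024-03-06 jdoe CORP-0001
2024-03-07 jdoe CORP-0001
2024-03-08 jdoe CORP-0001
2024-03-11 jdoe PERS-9A7F
2024-03-11 jdoe PERS-9A7F
2024-03-11 jdoe PERS-11C2
2024-03-04 asmith PERS-5500
2024-03-05 asmith PERS-5500
2024-03-06 asmith PERS-5500
2024-03-07 asmith PERS-5500
2024-03-08 asmith PERS-5500
2024-03-11 asmith PERS-5500
"""

def foreign_counts(log, allowlist):
    """Per user, per day: number of mounts of devices not on the allowlist."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log.strip().splitlines():
        day, user, serial = line.split()
        counts[user][day] += serial not in allowlist  # adds 0 for company keys
    return counts

def flag_anomalies(counts, min_history=5, k=3.0, min_count=2):
    """Alert when a day's count exceeds the user's own baseline from earlier days."""
    alerts = []
    for user, per_day in counts.items():
        days = sorted(per_day)  # ISO dates sort chronologically as strings
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough history to call anything unusual
            threshold = mean(history) + k * pstdev(history)
            if per_day[day] >= min_count and per_day[day] > threshold:
                alerts.append((user, day, per_day[day]))
    return alerts

if __name__ == "__main__":
    for user, day, n in flag_anomalies(foreign_counts(SAMPLE_LOG, CORPORATE_SERIALS)):
        print(f"ALERT {user} {day}: {n} non-company USB mounts")
```

The user who plugs in the same personal key every day raises no alert, because the baseline is per user; the three foreign mounts in one day from a user who normally uses only a company key do.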

The trick is finding the balance between oversight and Overlord.

That means working with an experienced IT consultancy or internal team that can give you options that suit your particular circumstances and threat vectors.

