Adeniyi Adeyemi, a former computer technician with the Bank of New York Mellon, recently plead guilty to stealing sensitive information about bank employees.

Over an eight-year period, Adeyemi stole passwords and other info belonging to 2,000 bank employees, including his co-workers in the bank’s IT department, ComputerWorld reports. Accounting to the charges against him, he used his access to transfer money from several charities’ Mellon accounts into bogus accounts he set up using his co-workers’ personal info.

Adeyemi also admit to stealing funds directly from the employees’ accounts.

The lesson for businesses: You don’t know who you can trust. Conduct background checks on new hires, especially those who will have access to databases containing sensitive information. Also, make sure staffers only have access to parts of the network they need for their job duties.

The story, chronicled in the San Jose Mercury News, makes a strong argument for protecting all portable computers with a kind of LoJack theft location system.

The story begins with a daytime burglar alarm, relayed by an alarm company to a software company employee at work. The victim hurried home, saw evidence of the break-in, and noticed that a number of computers were missing including two iPads and a laptop. But unknown to the burglars, the engineer had installed apps on his iPhone that could locate the GPS coordinates of the stolen iPads.

When the police officer showed up, the engineer showed him a map on his iPhone pinpointing the location of the stolen goods as they were being driven to another location in town. The police managed to find the car, arrest the thieves and recover the lost computers (and a number of other machines the burglars had taken from others).

As the news story reported:

“Police spokesman Ronnie Lopez said it was a prime example of how police and the public are using modern technological tools to fight crime. Long used in automobile tracking services such as LoJack, the GPS tracking technology is becoming more common for personal and corporate technological devices such as laptops and phones.”

Apple’s not the only maker of such applications: There are products from Absolute Software and MyLaptopGPS, and we expect that most tablets will have this capacity as well.

Whether for asset security or simple inventory control, this is a technology that can offer a major new tool for IT security. As Fast Company reports:

“A laptop is stolen every 53 seconds. More than 12,000 laptops disappear weekly from U.S. airports alone. Only 3% of stolen laptops are ever returned. According to the Computer Security Institute, the average large company lost almost $3.9 million last year to laptop and mobile-device thefts, and another $4.5 million on the proprietary and confidential data stored in those machines.”

Police are currently looking for two thieves who stole $20,000 worth of printer ink from a League City, TX Walmart store.

How was the heist pulled off? Officials said two women entered the store and placed a garbage can in their shopping cart. They then filled the receptacle with the ink cartridges, the Houston Chronicle reports.

Using a can of insulated foam from the hardware department, they sprayed the store’s fire alarm so it couldn’t be heard as they left through a fire exit.

The total haul: 122 cartridges ranging in price from $13 to $492 each.

John Buonomo, former register of probate in Middlesex, Massachusetts, was recently sentenced to 30 months in jail for stealing campaign funds — and change collected by public copiers.

He was convicted of larceny, personal use of campaign funds, willfully misleading investigators, breaking and entering, and theft of public property. He was also ordered to pay restitution for the campaign money, but the amount taken from the copiers is unknown, UPI reports.

Buonomo made over $110,000 a year in his position, so we’re guessing he wasn’t in dire need of the quarters he pocketed. Maybe he just needed change for the laundromat?

Here’s what happened in one recent court case:

An employee quit his job to run a consulting firm with his wife.

A few weeks before his resignation, he e-mailed several sensitive documents — including financial records, customer lists, marketing research and Web site data — to his personal account. Also, two months after the employee quit, an IT administrator discovered that someone was logged in to the company’s network using the ex-employee’s username, which had never been deactivated.

The employee never denied sending himself copies of confidential information to use for his consulting business. So when the company tried to take legal action, why did a court toss the suit?

Because the employee was given free access to the documents.

The Computer Fraud and Abuse Act allows penalties for people who commit fraud by accessing a computer “without authorization.”

The employee was allowed access to the information he took (he needed it for his job), and the company had no policies or signed agreements requiring him to keep the info confidential. Therefore, the judge ruled, he was not acting without authorization.

As for logging in to the network after he quit, the company couldn’t prove it was the ex-employee, rather than someone else who knew his username and password. (Both pieces of data were saved on a computer that at least two other employees could access.)

Steps to take now

Data theft by departing employees is a big issue today, when laid off employees are desperate for ways to appear more valuable to prospective employers.

Here are some steps the employer in this case could’ve taken before the theft:

1. written a confidentiality agreement to keep employees from using information obtained at work to help another business, and
2. removed the employee’s network access as soon as his resignation took effect.

MFPs are constantly getting smarter and more “computer-like” — which makes them more vulnerable to the security risks that affect other devices.

With networked MFPs, security breaches are possible at every step of the printing process — on the user’s computer, on the server, between the server and the printer, and on the printer itself.

Last but not least, there’s a low-tech risk that’s been around as long as shared printers: a co-worker or other passer-by taking someone else’s pages out of the printer’s output tray.

That problem’s apparently widespread — 56% of employees have seen sensitive documents left in the printer unattended, according to a recent survey by Samsung Electronics.

Here are five common mistakes businesses make that compromise printer security:

1. Printing off an unsecured disk – If your device prints off its own disk, you can probably set it to erase the disk after every job (sometimes you need to buy add-on software from your vendor). Alternatively, some printers let you bypass the hard disk and print straight from RAM (which is more secure but takes longer). Finally, you can buy a model without a hard disk — that’s an option you may not even need.
2. Not requiring authentication where it’s needed – A common mistake of setting up shared printers is treating every department the same — even though some deal with more sensitive documents than others. Though it may be too big a hassle in some places, for departments that regularly print confidential documents, consider getting a printer that requires a user to enter a password into the machine before it prints. Some models also use swipe cards, or even biometric fingerprint readers.
3. Keeping the reprint option – Some printer models let users hit a button that prints another copy of the previous job. Obviously you don’t want that capability when someone’s printing a secure document.
4. Ignoring virus protection – Printers and MFPs usually get the least attention when it comes to viruses, but there’s still malware out there than can take control of a printer or steal the documents being sent to the device. One way to reduce risk: Get a model with a proprietary operating system.
5. Failing to train users – Like any security issues, the risks associated with MFPs contain a significant human element. It’s important for employees who regularly print sensitive docs to be aware of the risks and know what they can do to minimize problems.

Almost 25% of companies say employee theft has become a bigger problem than they’re used to in the past year, according to a recent survey by the Institute for Corporate Productivity.

No surprise here: The common items taken were office supplies like  ink and toner cartridges.

In one extreme example of toner theft, a former Penn State University employee was recently arrested for embezzling nearly $45,000. Her method: She’d buy ink and toner cartridges on the university’s dime, resell them to an office supply store and pocket the cash.

She was caught after a budget administrator noticed a large uptick in the amount of toner being purchased.

Toner and ink are attractive targets for dishonest employees: They’re small and easy to take home. Also, companies purchase them on a constant basis, making it difficult to notice irregular and suspicious activity.

Some ways to prevent theft: Keep cartridges locked up, remind employees that taking supplies home is not OK, and regularly audit purchasing records.