ROAR detected anomalies in employee Missy Cheevious's network activity, alerting Heartbeat Helper. On a Sunday during the Superbowl, Missy logged in, downloaded confidential sales documents, changed the file names, and emailed them to her personal email. ROAR analysts verified this suspicious activity and immediately contacted Heartbeat Helper. The company terminated Missy on Tuesday after she admitted to preparing for a new job by taking confidential documents. ROAR's 24/7 monitoring helped Heartbeat Helper catch an employee stealing data and avoid a potential compliance issue.

1. ROAR
in Real Life:
Heartbeat
Helper
The Lorenzi Group

2. The Situation
 Missy Cheevious was an average salesperson at
Heartbeat Helper Co.
 She made her numbers but wasn’t the best (or worst) on
the sales team
 Heartbeat Helper is (still) a leading player in the
Medical Device Industry.
 Heartbeat Helper is seeing new competitors come
into the market.
 There was no reason to suspect Missy Cheevious
would leave the company.
 Heartbeat Helper is a ROAR client

3. The Event
 During the Superbowl, ROAR Analysts are alerted
that Missy Cheevious had logged into the
corporate network.
 While logged in, she downloaded confidential
sales documents, changed the file names, and
emailed them to a webmail address (hers).
 This was an anomaly because Missy Cheevious:
 Had never logged in on the weekend before
 Logged in during the Superbowl!
 Copied and changed the name of confidential
documents
 Emailed them to her private webmail address
 Logged in for less than 4 minutes

4. What did ROAR see?
1. Someone logging into a user account
2. Someone going across the network to a
shared drive
3. Someone changing the names of the
files and saving the files locally
4. Someone opening their email client and
emailing the files (with names changed)
to a webmail address

5. ROAR in Action
1. ROAR Analyst verified findings
1. Webmail addresses belonged to employee
2. ROAR Analyst contacted client
1. Client contacted within MINUTES
3. Client SHOCKED we were watching system
during Superbowl (YAY! ROAR exceeded expectations)
4. Client SHOCKED about employee activity
5. List of evidence and all files emailed, ftp’d and
saved to USB for past 30 days sent to client

6. ROAR Aftermath for Missy Cheevious
 Monday (after the Superbowl)
 Employee called in sick
 Employee access terminated
 Tuesday AM
 Employee admitted to skipping work for job interview
 Missy Cheevious was terminated
Upon termination:
1. Employee was provided a list of documents
(including the “Superbowl” documents) that
Heartbeat Helper considers confidential
2. Heartbeat Helper informed employee that if any
information from those documents is used, Missy
Cheevious and her new employer will face legal
action.

7. Wrap Up
 Lorenzi ROAR is a 24x7 monitoring service
 ROAR looks for anomalies
 ROAR is used for:
 Security
 Compliance
 Productivity
 In this matter, there would have been a HIPAA
compliance issue, had the data been allowed to
leave Heartbeat Helper.
ROAR protected Heartbeat Helper

8. Are YOU
Ready for a FREE Trial of ROAR?
Robert Fitzgerald
The Lorenzi Group
866-632-9880 x123
www.thelorenzigroup.com
rfitzgerald@thelorenzigroup.com