
Meeting the Computer Threat from Insiders

What is the greatest threat to your company's computer system? Surprisingly, it doesn't come from teenaged hackers or foreign terrorists. It is right outside your office door in the form of your own employees.

For instance, staff members could steal your trade secrets, sell financial records of customers or eavesdrop on your e-mail without your knowledge. Or they might leave laptops unattended or carelessly send out proprietary information in unencrypted e-mails. In the end, the financial consequences to your company can be devastating.

This is a difficult proposition for supervisors who have come to trust their employees. To further complicate matters, dealing with insiders is often more difficult than dealing with outsiders. You can't simply install antivirus software or improve the network firewall for protection.

Nevertheless, there are several steps you can take to combat the dangers lurking within. Consider the following:

*Evaluate the risks. It sounds obvious, but the first thing management should do is understand where and how its computer system is most vulnerable. Start by simply compiling a list of all the potential threats. Next, try to ascertain the likelihood of each threat succeeding. Finally, assess the possible damage, both financial and otherwise, to your organization.

*Know your workers. The optimal time to head off problems is during the hiring process. It is strongly recommended that you perform background checks when hiring for sensitive positions, including managers of computer systems and anyone else working on computer security. Although these checks aren't foolproof, they can weed out potential workers who could cause harm.

*Educate the workforce. Security experts generally concede that most incidents involving insiders are unintentional. Employees e-mail confidential records without thinking, leave computers unattended or write down passwords on notes attached to their keyboards. With a better training program in place, these problems should be reduced.

*Organize data. Companies can better protect their vital information by setting up a classification system. Generally, the classification levels should be based on importance for security purposes. Each data level is tied to differing layers of control.

*Limit access. After allocating data to different classifications, your company should limit access on a “need-to-know” basis. The same principles apply to internal groups working on different projects. Note: A system administrator may be granted carte blanche, but risks may be reduced through specific log-in procedures establishing the administrator's identity.

*Use encryption. Encryption can provide an extra level of security for important data. For instance, it can be helpful when employees with different access rights must access the same information. Encryption can also prevent outsiders from accessing data on stolen or lost laptops.

*Investigate new software. Consider using software that monitors, filters or blocks employee e-mail, web browsing and other computer activities. The technology is improving, but certain privacy issues remain.

Don't ignore or dismiss the possibilities out of hand. By taking these simple precautions, you can avoid major disruptions to your business.

 


 
1105 Dumont Court, Matthews NC 28104 Fax:704-845-0928 © Copyright 2004 Desai & Desai, LLP