⚡ Get All Content for 20% Off ⚡

Security Threats From Within Few know as much about your IT security as your employees and former employees do. Here's how to safeguard your technology from the inside.

entrepreneur daily

Q: I have heard that one of the biggest information security threats to a company can come from within. Is this true? What exactly does it mean, and what can be done about it?

A: When people think of an information security threat or a "security breach," thoughts of bad buys, gangsters and hackers come to mind. Companies usually make sizeable investments to prevent intrusions to their systems, put protections in place and know the seriousness of external threats.

Companies usually try to patch every loophole and make every system impenetrable. But guess who knows more about these loopholes and ports of penetration than anyone? A company's own employees (or former employees). In reality, disgruntled, former or fired employees or even external service providers are the most likely culprits of a security breach--anyone with "insider information." It is for that very reason that four out of five IT-related crimes are committed from within an organization.

Internal threats might be someone who knows the weaknesses of the software being used or has the ability to introduce viruses into a system. Viruses can come from within simply by opening e-mail attachments. Some employees find it easy to gain access to restricted areas; this may include the possession of unauthorized passwords. If something is password-protected, chances are there is confidential information involved.

Next Step
Help prevent internal theft with "Caught in the Act."

Keep your IT under lock and key with Security and Loss Prevention: An Introductionby Philip P. Purpura.

With all the home office workers, laptops are in frequent use. Many times the security prevention in a laptop is turned off when remotely connecting. This is another major internal vulnerability or internal threat.

So if 80 percent of IT crimes are internal, what should a company do about it?

  1. Perform a security audit, or have one performed.
  2. Unless the knowledge, experience and manpower exist in-house, consult an outside expert on audits, policies, and the subsequent security monitoring and prevention service.
  3. Ensure adequate background checks on employees.
  4. Establish a security policy, and enforce it. This includes implementing things like swipe cards, changing passwords often and restricting sensitive areas. This creates the right attitude toward information security in your company and clarifies the consequences of any found internal breach. A professional consulting firm specializing in policy development can save time and money and ensure an up-to-date policy.
  5. Use firewalls. Firewalls protect against unauthorized logins usually from the outside world, preventing hackers from logging on to your network.
  6. Use virus scanning software. Attachments to e-mails received and passed around are the biggest reason for the spread of viruses.
  7. Implement ongoing managed services.

These are only a few ideas for combating internal security threats that surround us all. Enlist the help of a professional security consulting firm that will do both the audit and policy development before implementing a complete managed services package.

Michael Bruck is the founding partner of BAI Security, an 8-year-old information security consulting firm. Bruck leads his security team with a successful 16-year background in IT management and senior engineering positions. He is also the developer and author of best practices that are becoming standards in the information security consulting business. He can be reached via www.baisecurity.netor by email at mbruck@baisecurity.net.


The opinions expressed in this column are those of the author, not of Entrepreneur.com. All answers are intended to be general in nature, without regard to specific geographical areas or circumstances, and should only be relied upon after consulting an appropriate expert, such as an attorney or accountant.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

The Remote Side Hustle a 43-Year-Old Musician Works on for 1 Hour a Day Earns Nearly $3,000 a Month: 'All From the Comfort of Home'

Sam Ziegler wanted to supplement his income as a professional drummer — then his tech skills and desire to help people came together.

Business News

Costco CFO Reveals Uncertain Fate of $1.50 Hot Dog and Soda Combo

CFO Richard Galanti reveals that the price will stay the same — but only "for a while."

Business News

The Most Unexpectedly Popular Side Hustle of the Decade Has Low Startup Costs and High Markups

A new report shows that vending machines are a popular investment — and the industry is set to grow up to $3 billion by 2031.

Marketing

Ever Wonder Why Certain Websites Rank Higher Than Yours? This SEO Expert Reveals The Secret to Dominating Search Results

It's often the smart use of SEO, now supercharged with AI, particularly in keyword optimization.

Business News

AI Is Impacting Jobs. Here Are the Gigs Affected the Most, According to an Analysis of 5 Million Upwork Postings

The researcher said in the report that freelance jobs were analyzed first because that market will likely see AI's immediate impact.

Leadership

Former Interrogator Shares 5 Behaviors Liars Exhibit and How to Handle Them

Five deceptive behaviors to look for and how to respond to those behaviors when you encounter them.