Security Threats From Within

Few know as much about your IT security as your employees and former employees do. Here's how to safeguard your technology from the inside.

Q: I have heard that one of the biggest information security threats to a company can come from within. Is this true? What exactly does it mean, and what can be done about it?

A: When people think of an information security threat or a "security breach," thoughts of bad buys, gangsters and hackers come to mind. Companies usually make sizeable investments to prevent intrusions to their systems, put protections in place and know the seriousness of external threats.

Companies usually try to patch every loophole and make every system impenetrable. But guess who knows more about these loopholes and ports of penetration than anyone? A company's own employees (or former employees). In reality, disgruntled, former or fired employees or even external service providers are the most likely culprits of a security breach--anyone with "insider information." It is for that very reason that four out of five IT-related crimes are committed from within an organization.

Internal threats might be someone who knows the weaknesses of the software being used or has the ability to introduce viruses into a system. Viruses can come from within simply by opening e-mail attachments. Some employees find it easy to gain access to restricted areas; this may include the possession of unauthorized passwords. If something is password-protected, chances are there is confidential information involved.

Next Step
Help prevent internal theft with "Caught in the Act."

Keep your IT under lock and key with Security and Loss Prevention: An Introductionby Philip P. Purpura.

With all the home office workers, laptops are in frequent use. Many times the security prevention in a laptop is turned off when remotely connecting. This is another major internal vulnerability or internal threat.

So if 80 percent of IT crimes are internal, what should a company do about it?

  1. Perform a security audit, or have one performed.
  2. Unless the knowledge, experience and manpower exist in-house, consult an outside expert on audits, policies, and the subsequent security monitoring and prevention service.
  3. Ensure adequate background checks on employees.
  4. Establish a security policy, and enforce it. This includes implementing things like swipe cards, changing passwords often and restricting sensitive areas. This creates the right attitude toward information security in your company and clarifies the consequences of any found internal breach. A professional consulting firm specializing in policy development can save time and money and ensure an up-to-date policy.
  5. Use firewalls. Firewalls protect against unauthorized logins usually from the outside world, preventing hackers from logging on to your network.
  6. Use virus scanning software. Attachments to e-mails received and passed around are the biggest reason for the spread of viruses.
  7. Implement ongoing managed services.

These are only a few ideas for combating internal security threats that surround us all. Enlist the help of a professional security consulting firm that will do both the audit and policy development before implementing a complete managed services package.

Michael Bruck is the founding partner of BAI Security, an 8-year-old information security consulting firm. Bruck leads his security team with a successful 16-year background in IT management and senior engineering positions. He is also the developer and author of best practices that are becoming standards in the information security consulting business. He can be reached via www.baisecurity.netor by email at mbruck@baisecurity.net.


The opinions expressed in this column are those of the author, not of Entrepreneur.com. All answers are intended to be general in nature, without regard to specific geographical areas or circumstances, and should only be relied upon after consulting an appropriate expert, such as an attorney or accountant.

Editor's Pick

Have More Responsibilities at Work, But No Pay Bump? Use This Script to Get the Raise You Deserve.
Black and Asian Founders Face Opposition at All Levels — Here's Why That Has to Change
Innovation

The Greasy, Glamorous Rise of Mascara

You won't believe the grimy gunk people used to smear on their eyelashes -- and still do.

Business News

'Our Kids Aren't Even Safe To Order Food': Mother Outraged After DoorDash Employee Uses App to Flirt With Teen Daughter

One mom is going viral on TikTok after catching a DoorDash employee attempting to flirt with her 15-year-old daughter through the messaging service provided through the platform.

Business News

An NFL Rookie Scores a $514,000 Jackpot in Las Vegas

Los Angeles Rams running back Ronnie Rivers sat down to play 3-card poker and left a half million dollars richer.

Leadership

3 Expert-Backed Strategies for Blowing People Away With Your First Impression

Nothing is more important than a good first impression. The first five seconds are everything.

Business Ideas

How to Make Thousands of Dollars on the Side As a Virtual Assistant

Apply your skills and experience to create a lucrative virtual assistant side hustle or full-time business.