(August 10) You’ve gone to great lengths to protect the enterprise against external security threats arriving in the form of malware, viruses, Trojans, and the like. But have you taken the same precaution against insider threats, both of the malicious and accidental variety?
Despite increased education, publicity, and expert advice devoted to the topic, insider threats still remain a leading security issue for enterprises, particularly those operating under the notion of “it can’t happen to us.” As Pierluigi Stella, CTO at Network Box USA (www.networkboxusa.com), says, “Internal fraud is rampant. Stealing does happen. It is a fact, and prevention is the best way to stop the flood.” Here are some tips to help do just that.
✔Recognize The Types Of Insider Threats
Typically, says Jeff Goldstein, inside solution architect, security, at CDW (www.cdw.com), there isn’t a traditional corporate espionage scenario at work in small to medium-sized organizations. More likely are “employees, who might be worried about job stability, sending potentially sensitive company information to their personal email or devices to save for later use,” he says.
James Quin, lead analyst at InfoTech Research Group, says his firm’s research indicates that accidental leakage of confidential, privileged, or sensitive information occurs significantly more often than other threats. Stella says although damage occurs unintentionally and “you may not fault the employee too much,” such threats are still relevant.