The biggest danger to your IT operation might not be unpatched flaws, worms, viruses, or weak firewalls—it could be someone you know by name.
Think about it. Who knows better how to penetrate your system—a hacker or a disgruntled employee down the hall who already has access? It's crucial to look beyond obvious security threats to prepare for intrusions from the inside. Here are some of the types of employees who may pose a risk, along with some tips on how to prepare for the damage they can inflict.
Personality #1: The nearly terminated employee
One of the most obscure security threats is the employee who is in the process of being terminated—and who suspects that he or she is on the way out. These people represent a great potential danger to your company's confidential data, since they may have the time and incentive to cause serious damage.
Personality #2: The longtime employee
Top employees who have worked at a company for many years may have access to important files and system administration information. Stress, power struggles, or even a long-standing grudge may cause an employee to lash out against a company by threatening the IT network. No matter how loyal or respectable employees may seem, some are capable of seeking revenge by wreaking havoc on confidential files.
Personality #3: The resigning IT employee
Another often-overlooked threat to security is the technical employee who copies important files upon leaving a company. Often, employees document their work history and retain data from projects to place in their portfolios. Although creating a portfolio is an acceptable practice, employers may overlook the removal of important information. These workers may be removing proprietary or confidential data, such as customer lists and trade secrets, without realizing just how sensitive or valuable the information is.
Handling these threats
Once you identify these potential security threats, it's imperative that you guard against them. The TechRepublic community of IT professionals recommends that you:
- Encourage employees to keep a written log of projects and milestones as a better record and let them know that removing files is against company policy.
- Prohibit terminated employees from removing any files without authorization by changing account passwords while the employee is being informed of the termination.
- Consider adding one employee with a background in law-enforcement work, particularly if you can find such an individual with a technical background.
Evolving perils inside and out
In today's ever-changing world of enterprise technology, you can never rest easy for long. Security threats are always evolving, both inside and outside your network, so it's vital to stay on top of the latest security issues. Your career success depends on how you proactively seek, identify, and eliminate vulnerabilities before they cost your business money and productivity. To help you live up to the challenge, TechRepublic has created the IT Security Survival Guide.
This informative guide will help you:
- Understand the scope of external and internal security threats.
- Audit IT policies to ensure effectiveness.
- Use hacker tools to diagnose network vulnerabilities.
- Decipher Cisco log files.
- Beef up wireless security.
- Enhance Exchange server security.
- Lock down IIS servers.
- Educate end users.
Put the power of TechRepublic's IT Security Survival Guide to work for you
Order your copy of TechRepublic's IT Security Survival Guide today. This time-saving book and CD collects valuable tips and proven solutions to help you identify and eliminate weak points in your network.
Outsmart the hackers and disgruntled employees. Look beyond obvious threats and keep updated on IT security to avoid potential disasters that threaten your company's network.