CXO

Video: Five ways to keep your own IT staff from stealing company secrets

The arrest of a network administrator who hijacked the city of San Francisco's network brought attention to a dangerous and often ignored threat--your own admins. In this IT Dojo video, Bill Detwiler discusses security practices to protect company secrets from the very people who should be keeping them safe.

High-profile breaches of private data are often the results of lost or stolen equipment, malicious hackers, or improperly disposed of storage devices. Yet, the July 2008 arrest of a network administrator who hijacked the city of San Francisco's network focused the spotlight on a potentially more dangerous threat—your own admins.

In this IT Dojo video, I discuss the following five security practices that will help protect your company secrets from the very people who should be keeping them safe:

  1. Follow the rule of least privilege
  2. Not all IT staff should be domain admins
  3. Monitor additions to admin-level groups
  4. Log all administrative activity
  5. Immediately revoke admin rights for terminated IT staff

After watching the video, you can read more on these five security suggestions in Tom Olzak's article, "How do you keep your sys admins from stealing company secrets?"—the basis for this video.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

Editor's Picks

Free Newsletters, In your Inbox