High-profile breaches of private data are often the results of lost or stolen equipment, malicious hackers, or improperly disposed of storage devices. Yet, the July 2008 arrest of a network administrator who hijacked the city of San Francisco's network focused the spotlight on a potentially more dangerous threat—your own admins.
In this IT Dojo video, I discuss the following five security practices that will help protect your company secrets from the very people who should be keeping them safe:
- Follow the rule of least privilege
- Not all IT staff should be domain admins
- Monitor additions to admin-level groups
- Log all administrative activity
- Immediately revoke admin rights for terminated IT staff
After watching the video, you can read more on these five security suggestions in Tom Olzak's article, "How do you keep your sys admins from stealing company secrets?"—the basis for this video.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.