Are your employees the biggest security threat?

By milal
A new article in TechNewsWorld discusses the increase of security breaches committed by employees:

...interesting case. Much of the time we focus on preventing attacks from anonymous internet criminals, when often information leaks can be attributed to company policy or employee actions. Remember the Starbucks fiasco when an email coupon sent by Starbucks itself led to loss of revenue and public embarrassment?

Not true

by -Q-240248 In reply to Are your employees the bi ...

"Much of the time we focus on preventing attacks from anonymous internet criminals, when often information leaks can be attributed to company policy or employee actions."

Not true. Companies must also watch for internal misuse and fraud, especially in lieu of the recent company scandals and SarbOx. That is why there are products such as anomaly detection and auditing/auditing controls. We audit userIDs, make sure the principle of "least privilege" is followed, to be certain they have no more access than necessary, and we audit important data, to keep track of who accessed what...etc.

You're next....

by mroonie In reply to Are your employees the bi ...

Yeah, people need to actually start doing some THINKING!

I just read an article in InformationWeek about how people are getting too used to having security software alerting them of danger. We have brains while software doesn't! We should be able to make our own choices about our internet security. Too many individuals install Norton and think they're good to go, or businesses think they got a firewall and a secure server and they're ready to do business. Norton and Firewalls do nothing to prevent our lack of common sense. In fact, it just fuels our laziness; waiting for that red flag from Norton saying "You've got a virus!"

Security software should be flexible and give us choices. It should not be expected to do the work for us. Those who are used to the install and run model of doing things need to stop being so lazy. Otherwise someday it will be YOU who will cost your company millions of dollars and its reputation for a mishap.

Business managers must recognize this

by JP_The_IT_Guy In reply to Are your employees the bi ...

So often when I discuss security with SMB business owners / managers, they think only in terms of firewalls and keeping hackers out.

I emphasize that the risk isn't hackers, the business is too small and it really isn't that easy to go in through a reasonably well protected Internet connection, especially in a cost/gain analysis by an attacker.

However, it can be surprisingly easy for someone to pose as a help desk tech, gain the confidence of an employee, and then take their information and escalate their privilege to full admin. The weakest link can be the employees, _who_already_have_legitimate_access_.

The solution isn't to not trust employees. That way leads to ridiculous discussions like how can you prevent employees from printing text that is on their computer's screen. (The best option there isn't the technical one of making it very difficult for the employee to print, but a legal one where the company's stated policy is termination and litigation.) The solution is to have the necessary technical (least privilege, account audits) and legal (dismissal, litigation) measures in place and educate the employees about those measures.

Employees are one of the most valuable assets that a company has. It is important to maintain their productivity while still protecting the company against the risks that result from having employees. As long as the company has employees, there will be risks. You can't make the risks go away, but you can manage them and even insure against them.

Availability of easy USB ...

by pmshah In reply to Business managers must re ...

connectivity has proven to be a major risk in a number of cases that I have read about. Collusion by any other employee is not required. How else do you explain CD capacity worth of confidential customer/client data being sold on the streets? In fact I did a search on the internet where the USB ports were OFF the mainboard & only available in old time header form. I couldn't find any.
