BreachExchange mailing list archives
Prevent Employees From Hacking You Computer System
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 29 Sep 2015 18:35:29 -0600
http://www.investopedia.com/articles/professionals/092915/prevent-employees-hacking-you-computer-system.asp

Companies of all sizes face cyber security threats from hackers, criminals and even current and former employees. While it is virtually impossible to keep all the bad guys out, there are ways to put a lid on inside jobs.

Threats come from all around a business, but inside jobs can be particularly painful. After all, some current and former employees hold the keys to the castle in terms of the computer systems and the data that resides on them, and they can cause serious damage. Take the Target Corp. (TGT) breach in December of 2013, when millions of people’s data was stolen. Target and security experts said insiders likely played a role. Or what about the Sony Pictures computer breach of December of 2014? By January, some cyber security experts said the attack was the handiwork of a group of disgruntled employees.

Protecting a company’s computer system from its own employees is not always going to be easy, but in this era where employees are bringing their own digital devices to work, it has become a necessity. From limiting access to making sure accounts are canceled, here is how to prevent employees from walking off with data or, worse, unleashing a devastating virus on a company's network.

Limit Access to Sensitive Data

One of the easiest things a company can do to protect itself from an employee who is up to no good is to limit the access everyone has to the computer network and sensitive company data. Long gone are the days when everyone knows the login and password of the network administrator. Only employees with legitimate reasons for accessing the network, like IT, should have access. The rest of the employees should be locked out, unless there is a business-related reason for giving him or her wider access. After all, the last thing you want to happen is for customers’ information, business account numbers and competitive secrets to fall into a disgruntled employee’s hands.

Encrypt All Sensitive Data

With threats coming at businesses every which way, an easy way to protect data is to make sure it is encrypted. If an employee gets access to all that sensitive data and the data is encrypted, it won’t matter. But if it isn’t encrypted, it is happy hunting for the bad guys. Take the Sony Pictures hack. It was particularly devastating because a lot of data was not encrypted.

Cancel Cloud, Email, Network Accounts

Cloud computing has been embraced wholeheartedly by businesses of all sizes, but what many fail to do is cancel the accounts of former employees. The reasons for not doing it can range from forgetting to not thinking it is necessary. But not doing so can create a big security risk. In fact, not taking the steps to offboard employees by canceling email accounts and cloud accounts, taking back company technology and making sure the worker no longer has access to the network can mean stolen secrets, lost data, data breaches and potential compliance failures.

Set Alerts for Attempts to Enter the Network

One of the best defenses against employee hacks is to be on the offensive, and that means setting up ways to know if someone who shouldn’t be is trying to get into the network. There is software that companies can buy that will alert them if, say, Joe in marketing is trying to get into the payroll system or Karen the receptionist is trying to access the customer relationship management system.

Know Your Enemy

Nobody is saying a business has to keep a dossier on every employee, but the company should be aware of who is not happy and even potentially disgruntled. There are a lot of telltale signs that a worker is unhappy and companies should be alert to them.

The Bottom Line

Companies of all sizes face cyber security threats from a lot of different groups, but nothing can be more devastating than an inside job. In order to protect an enterprise, companies have to limit access, encrypt data, stay on top of their employees’ satisfaction and, most importantly, make sure all accounts of an ex-employee are canceled. Employing those strategies can go a long way in keeping disgruntled workers from wreaking havoc on a company’s business.
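
The offboarding and alerting advice above can be checked mechanically. The following is an added example, not part of the original article or post: it scans an access log for attempts by accounts that should have been canceled and for attempts outside a department's entitlements. The roster, entitlement map, log format and all names are constructed assumptions.

```python
from collections import namedtuple

# Constructed HR roster and per-department entitlements (assumptions, not from the article).
ROSTER = {
    "joe":   {"dept": "marketing", "active": True},
    "karen": {"dept": "reception", "active": True},
    "dana":  {"dept": "finance",   "active": True},
    "sam":   {"dept": "it",        "active": False},  # has left the company
}
ENTITLEMENTS = {
    "marketing": {"crm", "email"},
    "reception": {"email"},
    "finance":   {"payroll", "email"},
    "it":        {"payroll", "crm", "email", "vpn"},
}
# Constructed access log, assumed format: "timestamp user system result"
LOG = """\
2015-09-29T09:01:12 joe crm ALLOW
2015-09-29T09:05:40 joe payroll DENY
2015-09-29T09:07:02 karen crm DENY
2015-09-29T09:10:33 dana payroll ALLOW
2015-09-29T22:41:09 sam vpn ALLOW
2015-09-29T22:43:51 mallory email DENY
malformed line
"""

Alert = namedtuple("Alert", "time user system reason")

def scan(log_text, roster=ROSTER, entitlements=ENTITLEMENTS):
    """Return an Alert for every access attempt that HR data says should not happen."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, user, system, _result = parts  # alert on the attempt, allowed or not
        person = roster.get(user)
        if person is None:
            reason = "unknown-account"
        elif not person["active"]:
            reason = "offboarded-account-in-use"
        elif system not in entitlements.get(person["dept"], set()):
            reason = "outside-department-entitlement"
        else:
            continue
        alerts.append(Alert(ts, user, system, reason))
    return alerts

if __name__ == "__main__":
    for a in scan(LOG):
        print(f"{a.time} ALERT {a.reason}: {a.user} -> {a.system}")
```

An allowed attempt from an offboarded account, such as the constructed "sam" line, means the account was never canceled and should be disabled at the identity provider rather than only alerted on.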