BreachExchange mailing list archives

Prevent Employees From Hacking You Computer System


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 29 Sep 2015 18:35:29 -0600

http://www.investopedia.com/articles/professionals/092915/prevent-employees-hacking-you-computer-system.asp

Companies of all sizes face cyber security threats from hackers, criminals
and even current and former employees. While it is virtually impossible to
keep all the bad guys out, there are ways to put a lid on inside jobs.

Threats come from all around a business, but inside jobs can be
particularly painful. After all, some current and former employees hold the
keys to the castle in terms of the computer systems and the data that
resides on them, and they can cause serious damage. Take the Target Corp.
(TGT) breach in December of 2013 when millions of people’s data was stolen.
Target and security experts said insiders likely played a role. Or what
about the Sony Pictures computer breach of December of 2014? By January,
some cyber security experts said the attack was the handiwork of a group of
disgruntled employees.

Protecting a company’s computer system from its own employees is not always
going to be easy, but in this era where employees are bringing their own
digital devices to work, it has become a necessity. From limiting access to
making sure accounts are canceled, here is how to prevent employees from
walking off with data or worse, unleashing a devastating virus on a
company's network.

Limit Access to Sensitive Data

One of the easiest things a company can do to protect itself from an
employee who is up to no good is to limit the access everyone has to the
computer network and sensitive company data. Long gone are the days when
everyone knows the login and password of the network administrator. Only
employees with legitimate reasons for accessing the network, like IT,
should have access. The rest of the employees should be locked out, unless
there is a business-related reason for giving them wider access.
After all, the last thing you want to happen is for customers’ information,
business account numbers and competitive secrets to fall into a disgruntled
employee’s hands.

Encrypt All Sensitive Data

With threats coming at businesses every which way, an easy way to protect
data is to make sure it is encrypted. If an employee gets access to all
that sensitive data and the data is encrypted, it won’t matter. But if it
isn’t encrypted, it is happy hunting for the bad guys. Take the Sony
Pictures hack. It was particularly devastating because a lot of data was not
encrypted.

Cancel Cloud, Email, Network Accounts

Cloud computing has been embraced wholeheartedly by businesses of all
sizes, but what many fail to do is cancel the accounts of former employees.
The reasons for not doing it can range from forgetting to not thinking it
is necessary. But not doing so can create a big security risk. In fact,
not taking the steps to offboard employees by canceling email accounts and
cloud accounts, taking back company technology and making sure the worker
no longer has access to the network can mean stolen secrets, lost data,
data breaches and potential compliance failures.

Set Alerts for Attempts to Enter the Network

One of the best defenses against employee hacks is to be on the offensive,
and that means setting up ways to know if someone who shouldn’t be is
trying to get into the network. There is software that companies can buy
that will alert them if, say, Joe in marketing is trying to get into the
payroll system or Karen the receptionist is trying to access the customer
relationship management system.

Know Your Enemy

Nobody is saying a business has to keep a dossier on every employee, but
the company should be aware of who is not happy and even potentially
disgruntled. There are a lot of telltale signs that a worker is unhappy and
companies should be alert to them.

The Bottom Line

Companies of all sizes face cyber security threats from a lot of different
groups, but nothing can be more devastating than an inside job. In order to
protect an enterprise, companies have to limit access, encrypt data, stay
on top of their employees’ satisfaction and most importantly make sure all
accounts of an ex-employee are canceled. Employing those strategies can go
a long way in keeping disgruntled workers from wreaking havoc on a
company’s business.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
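
Added example, not part of the original article or the list posting: the access alerts and the offboarding check described in the article, run over a small access log. The policy table, the HR roster, the log format and all names other than Joe and Karen are constructed assumptions.

```python
from datetime import date

# Constructed policy (assumption): departments allowed to reach each system.
ALLOWED = {
    "payroll": {"finance", "hr"},
    "crm": {"sales", "support"},
    "network-admin": {"it"},
}

# Constructed HR roster (assumption): user -> (department, termination date or None).
ROSTER = {
    "joe": ("marketing", None),
    "karen": ("reception", None),
    "priya": ("finance", None),
    "sam": ("sales", date(2015, 9, 1)),   # left the company, account never canceled
}

# Constructed access log (assumption): "date user system result".
LOG = """\
2015-09-28 joe payroll denied
2015-09-28 priya payroll ok
2015-09-28 karen crm denied
2015-09-29 sam crm ok
2015-09-29 mallory payroll denied
2015-08-30 sam crm ok
"""

def alerts(log_text, roster=ROSTER, allowed=ALLOWED):
    """Return (line_no, user, system, reason) for each attempt worth an alert."""
    found = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        day, user, system, _result = parts
        when = date.fromisoformat(day)
        if user not in roster:
            found.append((n, user, system, "unknown account"))
            continue
        dept, left = roster[user]
        if left is not None and when > left:
            # Offboarding gap: the account was used after the person left.
            found.append((n, user, system, "former employee account still in use"))
        elif dept not in allowed.get(system, set()):
            # Attempt outside the role, whether or not it succeeded.
            found.append((n, user, system, "outside role"))
    return found

if __name__ == "__main__":
    for alert in alerts(LOG):
        print(alert)
```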
