The traditional picture of a hacker is a shadowy figure somewhere in
eastern Europe or the far east, doing something arcane that results in
unexpected transactions on your credit card bill.
A more unpleasant prospect, though, is an 'inside attack' on your business by someone you used to work with: an ex-employee. Microsoft has recently warned that insider attacks will rise, and the 2007 e-Crime Watch Survey (conducted by the Software Engineering Institute at Carnegie Mellon University) showed a steady rise in reported insider attacks over the four years to 2007.
Generally considered amongst security professionals to be one of the
most dangerous and overlooked threats, insider attack (by a current or
former employee or contractor) is possibly your biggest security risk.
So are you at risk?
Almost certainly. In the current climate staff redundancies will
increase your risk of insider attack, but contractors who leave in the
normal course of their contract or even staff who voluntarily leave may
present a risk.
So what can I do about it?
Fortunately, like many issues surrounding computer security, it is
relatively easy to reduce your risk. The following measures will
drastically reduce the risk of insider attack, and will also have some
other positive 'knock on' effects in your IT.
- Ensure staff user accounts have only the privileges they require to do their job. Don't let people share accounts, especially those with Administrative access.
- Implement strict password and account management policies. Staff with lower privileges should have more relaxed policies, but privileged IT staff, contractors or third parties should have stronger passwords, changed more frequently.
- Log, monitor and audit employee actions, and document this clearly in employee contracts or associated policies.
- Operate a simple procedure governing how a user's account is managed when they leave, which ensures their account is deactivated promptly.
- Make sure you have good backup and recovery processes that can effectively restore data if it is destroyed.
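The checklist above is easiest to keep honest when it is audited mechanically rather than by memory. The following is an added example, not code from the original post, of a small audit run over an account listing: it flags accounts that are still enabled after their owner has left, privileged accounts whose password is older than the stricter policy allows, and shared accounts that hold administrative access. The account records, the leaver roster and the policy thresholds are constructed here for illustration and would normally come from a directory export and an HR feed.

```python
"""Offboarding and privilege audit over a constructed account listing.

Added example for the insider-threat checklist; not the original author's code.
Account records, the leaver roster and the policy thresholds are constructed
sample data standing in for a real directory export and HR feed.
"""
from dataclasses import dataclass
from datetime import date

@dataclass
class Account:
    username: str
    owner: str                 # person (or team, for shared accounts) responsible
    privileged: bool           # e.g. member of an administrative group
    enabled: bool
    last_password_change: date
    shared: bool = False       # used by more than one person

# Assumed policy thresholds: privileged accounts rotate passwords more often,
# and a leaver's account should be disabled within one day of departure.
MAX_PASSWORD_AGE_DAYS = {True: 30, False: 90}
DEACTIVATION_GRACE_DAYS = 1

def audit(accounts, leavers, today):
    """Return (username, check, detail) tuples for each policy violation.

    leavers maps an owner name to the date they left the organisation.
    """
    findings = []
    for acct in accounts:
        left_on = leavers.get(acct.owner)
        if acct.enabled and left_on is not None \
                and (today - left_on).days > DEACTIVATION_GRACE_DAYS:
            findings.append((acct.username, "leaver_still_enabled",
                             "owner left on %s" % left_on.isoformat()))
        age = (today - acct.last_password_change).days
        if age > MAX_PASSWORD_AGE_DAYS[acct.privileged]:
            findings.append((acct.username, "stale_password",
                             "password is %d days old" % age))
        if acct.shared and acct.privileged:
            findings.append((acct.username, "shared_privileged",
                             "shared account with administrative access"))
    return findings

# Constructed sample data: five accounts and two recent leavers.
SAMPLE_ACCOUNTS = [
    Account("jsmith", "J. Smith", False, True, date(2007, 5, 1)),
    Account("abrown", "A. Brown", True, True, date(2007, 5, 20)),
    Account("svc-backup", "IT Ops team", True, True, date(2007, 1, 15), shared=True),
    Account("cjones", "C. Jones", False, False, date(2007, 4, 10)),
    Account("dlee", "D. Lee", False, True, date(2007, 2, 1)),
]
SAMPLE_LEAVERS = {"A. Brown": date(2007, 5, 25), "C. Jones": date(2007, 5, 30)}
SAMPLE_TODAY = date(2007, 6, 1)

def run_sample():
    """Audit the constructed data; returns the findings list."""
    return audit(SAMPLE_ACCOUNTS, SAMPLE_LEAVERS, SAMPLE_TODAY)

if __name__ == "__main__":
    for username, check, detail in run_sample():
        print("%-12s %-22s %s" % (username, check, detail))
```

On the sample data the run flags abrown (still enabled a week after leaving), svc-backup (a shared administrative account whose password is well past the 30-day limit) and dlee (a stale password on an ordinary account), while jsmith and the already-disabled cjones pass. Running such a check on a schedule, and keeping its output with the other logs the contract says you monitor, turns the exit procedure from a good intention into something you can show is working.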
If you put these measures in place you reduce both the likelihood of an attack and the potential damage if one does take place. There are other positive knock-on effects from these practices, including preventing accidental data loss, making troubleshooting of system faults easier and improving staff exit procedures. No-one likes to think this could happen, that people you've worked with every day could damage your business, but prevention is better than cure, so deal with it as you would any other business risk.