Beware the enemy within


Safeguarding sensitive business information from unscrupulous employees need not be complicated

No employer wants to believe their employees are malicious.

Trust is an essential part of a healthy company, but there comes a time when an employer must put aside their innate optimism and look after the internal security of their business.

“People are the most precious resource for a company – of indeterminable value – but companies need to remember the human factor is also the biggest risk,” says Frank Kenney, vice president for global strategy at business software company Ipswitch.

Security firms have found that 60 per cent of theft of information comes from insiders and, according to Verizon, 93 per cent of the breeches examined by them were deliberate.

“London is a big city, people have very high-pressure jobs and the economic climate is completely unfavourable. These factors might well lead to an increase in this behaviour,” suggests Dan Dunford, security and fraud product specialist at  Attachmate.

The 2010 report on occupational fraud and abuse by the Association of Certified Fraud Examiners found that firms lose an average of five per cent of annual revenue to various types of fraud each year, resulting in a total loss of nearly $2.9 trillion globally.

“Beware the insider is a vital warning,” says Phil Beckett, director at consultancy firm Navigant.

 “Companies are susceptible to all kinds of data theft. Cybercrime is a huge industry and attacks from outside the company are a real danger. But it is the threat from insiders that makes them most vulnerable.”

Insider breeches often come as a surprise. Employers expecting to find the stereotype of a malcontent employee can find themselves getting burnt. An ambitious, well-liked worker can just as easily have a hidden criminal agenda.

“Insiders pose such a considerable danger to companies because they are not always easy to spot. Working within the context of where the crime is committed makes their task all the more simple,” says Robert Willison, Lecturer in Business Analysis, Systems and Information Management at Newcastle Business School.

Becoming a super-sleuth doesn’t have to involve glaring over your employees’ shoulders or cyber-frisking them on a daily basis. There are a number of less obvious preventive and detective measures you can employ to protect your company.

Detection is good but prevention is the goal

  • Robust recruitment techniques are a must. How many employers simply don’t follow up references? “It is incredible how many people lie on their CVs and never get caught,” says Beckett.
  • Limit the use of personal storage devices. Landesk conducted recently a survey which showed that 74 per cent of the UK workforce admitted using their own devices, such as USB sticks, at work. This poses a huge risk for companies. Of the three quarters of staff using personal devices, the same amount admitted to saving work-related documents on their own equipment.
  • Ignorance is bliss. New employees should be made to sign acceptable use policies that outline what is and isn’t allowed.
  • Make sure employees only have access to the information they need. Most companies are great at giving an existing employee new permissions and access but are not so good at removing old permissions.
  • Segregation of duties is an oldie but a goodie. No person should be given responsibility for more than one related function. If you demand two or more employees to collaborate on very sensitive roles and actions, then unauthorised activities are less likely.
  • Effective exit strategies are essential. You’ll probably remember to get their keys off them but it’s frightening how many ex-employees still have remote access ability. Passwords should be changed throughout the company.

Detecting insider attacks.

  • Look for unusual traffic patterns. Most data breeches involve moving large amounts of information between unauthorised locations. Working out normal traffic patterns will help you recognise those that warrant investigation.
  • Review event logs. Be on the alert for unexpected or excessive log-ons and unusual log-on times.
  • Record data access. Tracking who is responsible for every instance of data access is a helpful way to identify a problem.
  • Look for unusual files. Monitor emails that carry large attachments and look for unexpected file extensions lurking in unusual places.



Related Files

2011 Verizon Date Breach Investigations Report