Today’s rough economy is forcing businesses to downsize their workforce.
Now that there are fewer employees, more important information is distributed to each individual. If too may employees have access to sensitive assets, there is more potential for unauthorized action.
The first way to prevent internal threats is to limit which employees have authority to access sensitive information. Proper security requirements should include a password that changes every few weeks and checking your systems every day to ensure a fast reaction. It is critical to have your employees trained so they can detect interference to your internal controls.
Early prevention is the best way to protect yourself and your clients. Other possible solutions are Internet filtering services that disable access to websites that don’t pertain to business. This service can be used to monitor and disable the use of USB devices and DVD drives.
It is important to set up filters or alerts that will notify when an incident occurs. One example is Cyber-Ark. Cyber-Ark emails a designated person to notify them that someone is accessing a specific account. The software service also allows the designated person to decide whether to grant permission or not.
According to a SANS survey, more than 60% of companies allow employees to bring their phone to work. According to another study released by Cyber-Ark Software in 2011, about 60% of U.S. workers said they downloaded sensitive corporate data in anticipation of a future layoff. Ponemon Institute also published a survey stating the same percentage of terminated employees take that data with them when they leave.
It is unfortunate, but every business with an online database is a threat to internal attacks. It is more important to know in real-time that your system has been breached. Make sure you are knowledgeable and capable in preventing an internal threat.