Get All Access for $5/mo

Security Threats From Within Few know as much about your IT security as your employees and former employees do. Here's how to safeguard your technology from the inside.

Q: I have heard that one of the biggest information security threats to a company can come from within. Is this true? What exactly does it mean, and what can be done about it?

A: When people think of an information security threat or a "security breach," thoughts of bad buys, gangsters and hackers come to mind. Companies usually make sizeable investments to prevent intrusions to their systems, put protections in place and know the seriousness of external threats.

Companies usually try to patch every loophole and make every system impenetrable. But guess who knows more about these loopholes and ports of penetration than anyone? A company's own employees (or former employees). In reality, disgruntled, former or fired employees or even external service providers are the most likely culprits of a security breach--anyone with "insider information." It is for that very reason that four out of five IT-related crimes are committed from within an organization.

Internal threats might be someone who knows the weaknesses of the software being used or has the ability to introduce viruses into a system. Viruses can come from within simply by opening e-mail attachments. Some employees find it easy to gain access to restricted areas; this may include the possession of unauthorized passwords. If something is password-protected, chances are there is confidential information involved.

Next Step
Help prevent internal theft with "Caught in the Act."

Keep your IT under lock and key with Security and Loss Prevention: An Introductionby Philip P. Purpura.

With all the home office workers, laptops are in frequent use. Many times the security prevention in a laptop is turned off when remotely connecting. This is another major internal vulnerability or internal threat.

So if 80 percent of IT crimes are internal, what should a company do about it?

  1. Perform a security audit, or have one performed.
  2. Unless the knowledge, experience and manpower exist in-house, consult an outside expert on audits, policies, and the subsequent security monitoring and prevention service.
  3. Ensure adequate background checks on employees.
  4. Establish a security policy, and enforce it. This includes implementing things like swipe cards, changing passwords often and restricting sensitive areas. This creates the right attitude toward information security in your company and clarifies the consequences of any found internal breach. A professional consulting firm specializing in policy development can save time and money and ensure an up-to-date policy.
  5. Use firewalls. Firewalls protect against unauthorized logins usually from the outside world, preventing hackers from logging on to your network.
  6. Use virus scanning software. Attachments to e-mails received and passed around are the biggest reason for the spread of viruses.
  7. Implement ongoing managed services.

These are only a few ideas for combating internal security threats that surround us all. Enlist the help of a professional security consulting firm that will do both the audit and policy development before implementing a complete managed services package.

Michael Bruck is the founding partner of BAI Security, an 8-year-old information security consulting firm. Bruck leads his security team with a successful 16-year background in IT management and senior engineering positions. He is also the developer and author of best practices that are becoming standards in the information security consulting business. He can be reached via www.baisecurity.netor by email at mbruck@baisecurity.net.


The opinions expressed in this column are those of the author, not of Entrepreneur.com. All answers are intended to be general in nature, without regard to specific geographical areas or circumstances, and should only be relied upon after consulting an appropriate expert, such as an attorney or accountant.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Marketing

How Small Businesses Can Leverage Dark Social to Drive Word-of-Mouth Marketing

Dark social accounts for 70% of social media shares and is crucial for small businesses. Here's how you can tap into this hidden marketing opportunity.

Business News

'Jaw-Dropping Performance in 2024,' Says a Senior Analyst as Nvidia Reports Earnings

Nvidia reported its highly-anticipated third-quarter earnings on Wednesday.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.