The Insider Threat Checklist

Posted by: Rod Kurtz on November 25, 2009

When we think about IT saboteurs, the majority of us picture a professional hacker bent on stealing highly confidential information or wreaking havoc with our business. In such cases, the perpetrator is usually an outsider who breaches the data network of a company with malicious intent, be it financial, political, or otherwise. To protect themselves from this threat, businesses have implemented layers of physical and IT security around the perimeter of their organizations. What they have overlooked in the process, however, is a threat which, according to Forrester Research, is responsible for 70% of all data theft: the insider attack.

Internal threats most often come from people who, at one time or another, were on the payroll of the organization and have knowledge of how to navigate the system to gain access to critical data. According to the Ponemon Institute and ArcSight, the average cost to a company for an insider data breach is an astounding $3.4 million. That figure alone is enough for any business to take notice.

The rising number of insider attacks may be the result of businesses focusing an increasing amount of their efforts on thwarting external threats while forgetting to protect from within. In today’s world, if you haven’t done so already, good business practice dictates that you begin shifting your focus inward.

There are many places to find information on how to move forward in this area. One guide that might be helpful is the third edition of "Common Sense Guide to Prevention and Detection of Insider Threats," published by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute. The guide outlines 16 best practices to help organizations avoid insider threats. It serves as a perfect checklist for those businesses not sure of their preparedness for such an attack. Some points include:

• Implement strict password and account management policies and practices.

• Log, monitor, and audit employee online actions.

• Use layered defense against remote attacks.

• Track and secure the physical environment.

• Use extra caution with system administrators and technical or privileged users.

• Deactivate computer access following termination.

David Ting
Founder and Chief Technology Officer
Imprivata
Lexington, Mass.
