Managing Editor

Greatest Corp. Infosec Threat Comes From Within

Feb 13, 2006 (2 min read)
CSO and CISO | Data and Information Security

An article in The Wall Street Journal today begins: “The biggest threats to information security often don’t come from hackers.  They come from a company’s own employees.”

The Journal raises a valid point: although it’s easy to picture some bandit behind a mask and a keyboard when imagining information security threats, in today’s fast-paced, fraud-infested world that’s simply not the case.

Insiders pose the biggest threat because, unlike some hacker off in the Czech Republic, you’ve already bestowed upon them a powerful tool, one that is prone to exploitation: Trust.

As Scott Charney, Microsoft’s chief security strategist, told The Journal, “You’ve given them the keys to the castle.  The more important they are to the organization, the more access they have.”

The article suggests eight precautions to take to protect your company from the enemy within.  They are as follows:

1) Know Your Risks.  Examine and understand exactly where and how your company may be vulnerable to the misdeeds or mistakes of its employees.

2) Know Your Insiders.  Perform background checks before you hire potential candidates.

3) Teach Security.  Most insider-related security issues are unintentional.  Educate employees to avoid these mistakes.

4) Classify Your Data.  There is a reason why the U.S. government uses Confidential, Secret and Top Secret classifications.  The key is making it simple for employees to comprehend and use the classification system.

5) Limit Access.  After a comprehensive classification system is developed, companies need to set access controls so the good guys get in and the bad folks don’t.

6) Use Encryption (Wisely).  Scrambling your data so that it can’t be read even if someone illegally accesses it is never a bad idea. You’d be wise to encrypt any and all sensitive data.

7) Monitor, Filter, Block.  There is software out there that monitors, filters or blocks e-mail from employees and other related computer activities.  If the Big Brother overtones don’t bother you, employing these types of software certainly doesn’t hurt.

8) Hold Employees Accountable.  Employees need to know the rules regarding information security at your company, and it’s equally important that they know and understand the repercussions of breaking, or even bending, any of those rules.

For the complete Journal story, read “The Dangers Within.”

Don’t forget to keep checking in at our CSO Security Feed page for updated news coverage.

Al Sacco was a journalist, blogger and editor who covered the fast-paced mobile beat for and IDG Enterprise, with a focus on wearable tech, smartphones and tablet PCs. Al managed writers and contributors, covered news, and shared insightful expert analysis of key industry happenings. He also wrote a wide variety of tutorials and how-tos to help readers get the most out of their gadgets, and regularly offered up recommendations on software for a number of mobile platforms. Al resides in Boston and is a passionate reader, traveler, beer lover, film buff and Red Sox fan.