5 Critical Ways to Protect Yourself From Your Employees

Updated: March 31, 2010

The insider threat is posed by employees, contractors, and visitors who are granted too much trust. In some cases that trust is almost naively granted. Anyone within an organization could have the motivation, the access to resources, and the tools to steal information or even destroy critical resources. While often overlooked, the insider threat actually outweighs the threats from cyber criminals, hackers and the random malware that most organizations concentrate on. It is the insider who understands where the keys to the kingdom are hidden.

In my travels I talk to a lot of people on the airplane. When I mention that I am in security to a small business owner, I often get the same response: "You know, I think I have a problem with my IT guy." Since most small businesses seem to rely on one key person for most of their computer and network support, it is not surprising that that one person poses a risk. What if he/she gets mad and leaves? Will he be nice and help the transition, or will he take the customer lists and the passwords for critical servers, or even be malicious and destroy data and resources? The City of San Francisco had a problem when Terry Childs, a 43-year-old computer network administrator, changed all the passwords to the Cisco routers on their WAN and refused to give them up even after being jailed.

Large organizations have the ability to create divisions of labor and deploy lots of technology to counter such risks. But what is a smaller organization to do? Here are five steps to take.

  1. Post your acceptable use and confidentiality policy. Sounds basic, but this is the first step. Don't let someone argue that they did not know it was wrong to steal the customer list or access your servers after they left your employ.
  2. Deploy URL content filtering. This is available at modest cost from any UTM vendor (SonicWall, Fortinet, Cyberoam, WatchGuard). Block access to non-productive sites and create a custom splash page that informs your employees that browsing to a particular site violates company policy. This creates the awareness that "big brother is watching."
  3. Fix your password policy. While full Identity and Access Management solutions are expensive, there are protections and controls you can employ just with Windows Active Directory (AD). As soon as an employee leaves, remove them from AD.
  4. As part of your new policy, require all passwords for servers and routers (privileged access accounts) to be updated at least monthly, and require that copies of them be available to the business stakeholders, even if they are printed out and put in a safe.
  5. Network monitoring. Use free network sniffing technology (Wireshark or NetWitness) to monitor for unusual behavior. I am not suggesting that you make a huge investment here, just enough to let even the people who work on your IT systems know that you are watching and able to enforce that Acceptable Use Policy.

The first time you fire up a network monitoring solution you may be surprised to discover the activity on your network: copies of LimeWire sharing documents or copyrighted material, web servers, spam bots, etc. It can be an eye opener.
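A check for steps 3 and 4, as an added example that is not part of the original article: it flags directory accounts that belong to people who have left and enabled privileged accounts whose password is older than 30 days. The function name, the `Privileged` field, the departed-user list and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example. Input records carry SamAccountName, Enabled, PasswordLastSet and a
# Privileged flag (hypothetical field you set yourself, e.g. for admin group members).
# In a live domain the first three properties are available from the ActiveDirectory
# module's Get-ADUser -Properties PasswordLastSet.

function Find-AccountPolicyGap {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,
        [string[]] $Departed = @(),             # logon names of people who have left
        [int]      $MaxPrivilegedAgeDays = 30,  # step 4: "at least monthly"
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Accounts) {
        # Step 3: a departed person's account should no longer be in the directory.
        if ($Departed -contains $a.SamAccountName) {
            [pscustomobject]@{ Account = $a.SamAccountName
                               Finding = 'DepartedStillInDirectory'
                               Detail  = "Enabled=$($a.Enabled)" }
        }
        # Step 4: enabled privileged accounts need a recent password change.
        if ($a.Privileged -and $a.Enabled) {
            if ($null -eq $a.PasswordLastSet) {
                [pscustomobject]@{ Account = $a.SamAccountName
                                   Finding = 'PrivilegedNoPasswordDate'
                                   Detail  = 'no password change recorded' }
            }
            elseif (($Now - $a.PasswordLastSet).Days -gt $MaxPrivilegedAgeDays) {
                [pscustomobject]@{ Account = $a.SamAccountName
                                   Finding = 'PrivilegedPasswordStale'
                                   Detail  = "$(($Now - $a.PasswordLastSet).Days) days old" }
            }
        }
    }
}

# Constructed sample data (not real accounts).
$now = [datetime]'2010-03-31'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jsmith';     Enabled = $true;  PasswordLastSet = [datetime]'2010-03-20'; Privileged = $false }
    [pscustomobject]@{ SamAccountName = 'itadmin';    Enabled = $true;  PasswordLastSet = [datetime]'2009-11-02'; Privileged = $true }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true;  PasswordLastSet = $null;                  Privileged = $true }
    [pscustomobject]@{ SamAccountName = 'router-ops'; Enabled = $true;  PasswordLastSet = [datetime]'2010-03-15'; Privileged = $true }
    [pscustomobject]@{ SamAccountName = 'oldadmin';   Enabled = $false; PasswordLastSet = [datetime]'2008-01-10'; Privileged = $true }
)

# 'jsmith' and 'oldadmin' are listed as having left the company.
Find-AccountPolicyGap -Accounts $sample -Departed 'jsmith', 'OLDADMIN' -Now $now |
    Format-Table -AutoSize
```

A disabled account of a departed administrator is still reported, because step 3 calls for removal rather than disabling; the name match is case-insensitive, as AD logon names are.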
