Securing your company's or organization's network and data is more critical today than ever. Unfortunately, too often we take it for granted and don’t even realize that our environment could be easily compromised. The worst thing that any person in the IT department can do is ignore the potential risks to their environments. When it comes to security, the three easiest remedies are:
- Monitor your security logs regularly
- Constantly update and patch your software
- Train your staff and regularly remind them of the threats to your network and data
Instead of writing about security threats in a general manner, I’m going to focus on one area and how to help mitigate it: insider attacks.
A study conducted in 2008 by the Verizon Business Risk Team noted that of the 500 intrusions they investigated over a four-year period, 18% were caused internally by employees. Of that 18%, over half of the breaches were carried out by employees in the IT department. While most breaches occur in larger companies where it can be harder to track employees, they can and will occur in smaller companies as well.
There are pros and cons to the number of people who have access to your company’s critical data and network. The pro of a larger group of people having access to your critical data and networks is continuity in the event that someone leaves or something happens to someone. The obvious con is that you have too many people who have access to your critical components. The pro of having a smaller group of people with access to this environment is that you minimize the risk of an impact. The flip side is that if you minimize it so much that you entrust everything to one person with no one able to back them up, it’s just a matter of time before disaster strikes. Take, for instance, when the City of San Francisco was unable to access their WAN because of a rogue network administrator who blocked entry for everyone else. The network administrator was the only one who fully understood the network, and therefore they were the gatekeeper.
So how do we minimize or eliminate these risks?
- Have more than one administrator – but not too many. Always have a continuity plan in place. Not only for your data and your infrastructure, but also for those who have access to it.
- Have a stringent hiring process. If the person will be in charge of protecting critical environments, do the appropriate background checks (criminal, credit, etc.) before hiring them.
- Constantly review and update your security policies, and provide periodic training to your employees to remind them of the policies that are in place and keep them aware of them.
When guarding your organization's critical data and network, never let your guard down and never put too much trust in just one person. There must always be checks and balances. What commonality exists in all security breaches? Most of them could have been avoided through reasonable controls.