Insider threat to corporate information security

Unauthorized access to information resources by trusted insiders poses even greater threat to corporate security than external attacks, as insiders typically have legitimate reasons to access sensitive information, such as corporate data and customer database.

Insider abuse

Use Balanced Scorecard metrics designed in Excel to measure IT security performance.

Unauthorized access to confidential information is largely considered an external threat. However, most of serious security breaches such as the loss of sensitive information, financial fraud and denial-of-service attacks are often associated with unauthorized use of data by trusted employees inside the company. “Insider” is an individual who has been authorized to use specific information resources.

Insiders often possess information of substantial value as they may obtain access to their employer’s information systems and find a way around existing security measures through legitimate means. Insider activity might involve such incidents as compromising, manipulating, exceeding authorized access to, tampering with and even disabling company’s information resources, workstation, or network.

In many cases, security breaches require little technical sophistication: trusted insiders often abuse company’s non-technical vulnerabilities, such as business rules and organization policies, rather than vulnerabilities in information systems and network. In this connection, it is essential for corporate management to secure confidential information resources from unauthorized access by employees at all levels. However, innovative technology providing for data content analysis and intelligent monitoring, may also be of great help.

Security breaches in corporate information security may cause significant damage

Don't let insider to recover valuable data

Insiders could steal valuable data by recovering sensitive files from hard disk. Consider using Shred Agent background file shredder utility. This tool helps to wipe files automatically, even recycle bin and temporary files and prevent insiders activity.

Most often sensitive information is at risk when it is transferred outside the corporate network or stored in an unauthorized location. The confidential data that can be copied into a word processing application, e-mail or instant message or transferred to another format is usually the most vulnerable part of corporate information security. To secure sensitive information, specific access controls should be set in place.

Typically, a wide range of individuals and groups has access to the corporate network: from employees at all levels of authority to suppliers to customers to vendors. User access policies should consider what people in which department can be granted access to particular information resources. For instance, employees in the finance department must be given access to accounting information, while employees in the technical department are not supposed to access this type of data. However, assigning access to specific resources is not sufficient.

Who guarantees the trusted employee will abide by the corporate security policy and use her access privileges as intended? For example, password and login data can be intercepted as a result of personal negligence or even malicious activity. Besides, it should be taken into consideration that access controls are focused on protecting a particular document or application versus the valuable information it contains. The sensitive information stored in a protected file can be compromised through email, instant messaging, or internet bulletin board. Information is also at risk if it can be easily transferred outside the corporate network to a portable device, compact disk or some other repository.

Security breaches associated with insider activity may cause considerable damage to a corporation, ranging from illegal distribution of the company’s intellectual property to the loss of customer data and business disruption. The reputation damage is also a significant risk. That’s why major companies try to avoid public announcements on insider abuse as these publications might have a negative effect on brand integrity or the whole industry reputation.

Corporate security strategy should prevent insider abuse

To protect company’s sensitive data, strong information security policy should be set in place. In terms of a large-scale corporation, it is a hard challenge to ensure that all employees at all levels comply with the company’s security standards. User access policy should provide for rigid adherence to access controls procedures, ensuring that every piece of confidential data is secured and the amount of data access privileges is extremely limited.

The files containing sensitive information should be stored in a specific location. It should be immediately detected if the data was transferred across the corporate network or to an external device. To reduce insider theft risks, it is essential to monitor and audit user activity across the entire network on a regular basis.

In other words, internal security is an exceptional challenge for corporate management and it should be addressed with strategies appropriate to a particular organization.

Find Protected is an utility to force Password Security policy

Find Protected allows to detect incidents, when one break Password Security Policy.

Prevent using password protection for not-sensitive documents
Prevent information leakage, when one keep sensitive file in non-secure location
Prevent in-appropriate using of password protection (for example, password protection of personal files)

You can download now an evaluation version of Show Hidden Files program. Download Show Hidden Files.

Visit Ordering page to obtain more information about pricing. Visit Ordering Page.

Visit Support page to ask some question about Show Hidden Files. Obtain support.

YOUR FEEDBACK

Please, let us know what you think about this article: