Unintentional (But Very Real) Internal Threats: Page 2
The reason I bring this up is, if youll recall from last month, there are all these people who have access to you physical spaces that you have little or no control over. Cleaners, caterers, contractors. If Alice isnt going to protect her password, do you think shes left her user name lying around? Whats to prevent the hired help from taking advantage of the situation?
As we talked about before, in many situations, you have no ability to vet the employees of your contract labor. You also have limited ability to monitor work being done outside normal business hours.
You might be saying to yourself that Alices laxness with her password and user name arent really a major problem, since she doesnt have access to critical systems or data. But what does she have access to? Memos between the CEO and the CFO about the next round of venture capitalization? Plans for going public? What would the loss of this information mean to the organization?
I want you to be able to look at your organization with an eye for security hotspots. Anyone can identify the unsecured fire door, or the modem tied into the office server. What you need to be able to identify is the invisible threat of the stranger at your door (contractors), the well-intentioned, and the dearly departed.
You can do a lot of things to handle these threats. Policy implementation can force updates to operating systems, enforce strong passwords and prevent the installation of unauthorized software. Education brings a better understanding to your employees about the threats they confronted with on a daily basis. Finally, knowing your employees as people with families, hopes and dreams, and problems as well. You can identify potential problem areas when you know the people who work with and for you.
On Wednesday, Sept. 27, I will be participating in a webcast discussing this subject. Youll hear about these employees and others in detail. Hopefully, you will gain better insight into identifying possible situations before problems arrive. I hope youll join me. For more information, check here.