Guarding Against The 'Inside Job'
You've protected your network from anonymous black hats. But what about your own employees and contractors?
It might also include a back-up policy for data and a mandatory hard wipe for laptops that are shared within the organization for travel purposes. This precludes data from unintentionally ending up with an unauthorized user.
You've also educated your organization regarding external threats, whether from dedicated hackers intent on stealing your corporate knowledge, or from random attacks designed to take advantage of weaknesses in your security policy and practices. This education has included good email practices and safe surfing habits.
So far, so good.
Consider the contractor who is on your network to provide some type of service. Perhaps a company is assisting with infrastructure issues like cable-pulling, or an outside accounting firm is helping with a finance upgrade. You've done the check on the company; they're reliable, reputable and their employees are competent and courteous. What else do you know about these outside insiders?
This is just one element of what is probably the hardest problem to approach: the people you give trusted access to your network and your assets. Let's look at several different types of personnel that might account for the loss of sensitive information or damage to your network and corporate assets.
Meet the Ex
Newly terminated employees can be cause for worry. They may be leaving of their own accord, or they may have been escorted off the premises for some malfeasance. Either way, it is very important that any doors of access for this individual are closed immediately on departure.
Authentication tokens should obviously be revoked. Also, ensure that logins are no longer enabled and that any account access, remote or local, is also closed. Many organizations believe removing remote access is sufficient to protect themselves. In a large organization, however, it is a simple matter to tailgate through a secure door, plug into a jack in a conference room, and be on your way. If management hasn't terminated building access and confiscated ID cards, this act of network trespass requires no effort at all.
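The gap described above, where remote access is cut but local accounts and badge access linger, can be checked mechanically. The following is an added example, not code from the original article: it audits a constructed inventory of access grants for a departed user and scans constructed activity log lines for any event attributed to that user after their departure time. System names, field layouts and the HR departure feed are assumptions for illustration.

```python
"""Offboarding audit: find access still open, or still used, after departure.

Added example (not from the original article). All records below are
constructed sample data; system names and field layouts are assumptions.
"""
from datetime import datetime, timezone

# Constructed inventory of access grants held by users across systems.
# "kind" distinguishes remote, local and physical access so the audit
# does not stop at VPN and tokens the way the article warns against.
GRANTS = [
    {"user": "jdoe",   "system": "vpn",        "kind": "remote",   "active": False},
    {"user": "jdoe",   "system": "hw-token",   "kind": "remote",   "active": False},
    {"user": "jdoe",   "system": "ad-account", "kind": "local",    "active": True},
    {"user": "jdoe",   "system": "badge",      "kind": "physical", "active": True},
    {"user": "asmith", "system": "vpn",        "kind": "remote",   "active": True},
]

# Constructed syslog-like activity lines: timestamp user system event [detail]
LOG_LINES = """\
2024-03-01T17:05:00Z jdoe vpn logout
2024-03-02T08:12:00Z jdoe badge door_open floor3-east
2024-03-02T08:20:00Z jdoe ad-account logon CONFROOM-SW-PORT12
2024-03-02T09:00:00Z asmith vpn login
"""

# Constructed departure timestamps; in practice these come from an HR feed.
DEPARTED = {"jdoe": datetime(2024, 3, 1, 18, 0, tzinfo=timezone.utc)}


def open_grants(user, grants=GRANTS):
    """Return every grant still active for a user, whatever its kind."""
    return [g for g in grants if g["user"] == user and g["active"]]


def parse_log(text):
    """Parse the constructed log format into event dicts with aware timestamps."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        events.append({"ts": ts, "user": parts[1], "system": parts[2],
                       "event": parts[3], "detail": " ".join(parts[4:])})
    return events


def post_departure_activity(user, departed=DEPARTED, log_text=LOG_LINES):
    """Events attributed to a departed user after their departure time.

    Any hit means revocation was incomplete or the identity is still in use,
    so it is a detection, not a curiosity."""
    cutoff = departed.get(user)
    if cutoff is None:
        return []
    return [ev for ev in parse_log(log_text)
            if ev["user"] == user and ev["ts"] > cutoff]


def offboarding_report(departed=DEPARTED, grants=GRANTS, log_text=LOG_LINES):
    """One entry per departed user: lingering grants and post-departure events."""
    report = {}
    for user in departed:
        report[user] = {
            "open_grants": [g["system"] for g in open_grants(user, grants)],
            "post_departure_events": [(e["system"], e["event"])
                                      for e in post_departure_activity(user, departed, log_text)],
        }
    return report


if __name__ == "__main__":
    for user, findings in offboarding_report().items():
        print(user, findings)
```

Run as a scheduled job against real directory, VPN, token and badge exports, the report is the evidence that the "doors of access" named in the text are actually closed, and the post-departure scan catches the conference-room jack case that a remote-only revocation misses.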
Meet the New Ex, Same as the Old Ex
This is an individual who is already mentally out the door. This employee comes in two classes: one has already submitted a resignation notice; the other hasn't, only because they're still looking for a new job.
The newly resigned employee is simple to spot, but it's up to the company to decide how they will be handled. Policy should dictate whether the employee remains on the job, or is asked to take the two weeks as a paid vacation and escorted off the property.