It’s common to see companies showing confidence in their security systems. Their networks are protected from external threats, which can often lead to a false sense of being secure. With this attitude, they may stop thinking about security and fail to establish internal measures within their networks, and this is a grave mistake.
In recent years the majority of security threats and compromises have come from within the company. A common threat to companies is the logic bomb – malware that targets IT systems and deletes data. As a logic bomb is introduced from within the network, the blame often lies with a disgruntled employee with full access to internal systems.
Giving employees full access to the network when they don’t need it is a common mistake often made by companies. There’s little need for an employee who does graphic design to have access to weekly sales records. This practice could set your company up for a considerable security problem in the future.
Dawn Cappelli, an insider-threat expert at the Carnegie Mellon Software Engineering Institute stressed, “These types of insider attacks happen to businesses of all sizes, from small companies to very large corporations.” This is an important issue businesses should be aware of if they want to remain secure.
Security threats can be a particularly harsh nightmare for small businesses, as many don’t have an IT department or staff with the technical expertise needed to maintain a secure network. If you’re one of these organizations, it’s a good idea to hire an outside consultant to help you with your network security. With consultants, it’s important that you maintain close contact with them to ensure any issues that crop up are dealt with expeditiously.
If you don’t work with an external company there are a few things you should do when you have an employee leave the company. First, their accounts should be deleted immediately and their access privileges should also be revoked. Second, if you have accounts with shared passwords, you should change them to ensure an ex-employee can’t gain access to the system.
If you’d like to learn more about internal security, and measures you can take to ensure you are safe, we are ready to help you. Please contact us.