While everyone is worried about security threats outside the company’sfirewall such as hackers, viruses, and worms, research suggests that the greatest risk may come from none other than the company’s very own employees.
Not all of these risks are necessarily borne of malicious intent on the part of employees. Some risks may come from unwitting participation, temptation, or simply ignorance. Here are just some examples of security risks you should watch out for:
- Data theft. With the ease with which employees can connect small devices and transport data outside the company’s four walls, the risk of your sensitive data falling into the wrong hands becomes very real. Set up clear guidelines and policies regarding the use of removable storage media. You can, on your own or with the help of your IT consultant or service provider, lock down your PCs to disallow connection to removable drives or portable media devices if appropriate.
- Data loss. Accidents happen. Set up backup systems so that you can recover data quickly in case employees accidentally delete a file, are unable to secure a PC from viruses and worms, or are careless with the physical state and functioning of their assigned PCs.
- Data leaks. With the proliferation of multiple channels of online communication such as e-mail and IM, the threat of employees leaking sensitive company data to outside parties is very real. Provide clear guidelines and policies for the proper use of these communication channels in the workplace, and if needed, set up methods to block access to these services. Ask your IT consultant for help.
- Intellectual property violations. Illegal downloads or the illicit sharing of copyrighted material can also pose a significant threat to your organization. Legal action or the loss of your company’s hard-earned reputation can be debilitating and difficult to get over.
- Online Phishing and E-mail Scams. In phishing or e-mail scams, deception is used to gain unauthorized access to confidential data. Make sure you or your IT consultant set up filters to block such e-mails, or use security software to block access to this type of website.
- Lax/missing access controls. Be prudent and place access control policies on key information resources within your organization, such as e-mail or your accounting system. Provide each employee with access only to relevant information needed to complete his or her particular job.
It’s not easy to protect yourself from security breaches, especially when they come from within your organization. Get advice from an expert. Contact your IT Service provider today to find out more.
Published on 4th May 2009 by Jeanne DeWitt.