Security: Protecting Your Company

Today’s current economic downturn has caused us to rethink the way we do business. Cutting the budget, re-appropriating funds and canceling projects are just a few examples of ways that small businesses are coping. Our current economic status has also made many employees feel the financial crunch. Unfortunately, this can result in some employees looking for quick financial assistance within their own company. Small business owners should be aware that they can be targets of corporate theft and sabotage from within their own organization.

A disgruntled employee or an insider can be more dangerous than the most sophisticated hacker on the Internet. Depending on your business’s security policies and password management, insiders may have direct access to your critical data, and as a result can easily steal it and sell it to your competitor, or even delete all of it, causing irreparable damage. There are steps and measures you can take to prevent an insider or disgruntled employee from getting access to key information and damaging your computer networks. Below is a case study detailing how real an insider threat can be:

“A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. According to reports, the employee was upset about being released by the company earlier than he had anticipated. Allegedly, the company’s firewall was compromised and the perpetrator broke into the employee database and deleted all the records. Statements from the company indicate that the disgruntled former employee was one of only three people who knew the log-in and password information for the firewall that protected the employee database.”

What can you do, as a small business owner, to protect you and your business from these threats? There are a number of ways your company can protect itself from insider or disgruntled employee threats:

1. Divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.
2. Lock down permissions on sensitive financial data. You can do this by using Windows built in security features on files and directories. Only provide users that need to access these files with permission. Allowing all users to access this data can be very dangerous.
3. Implement strict password and authentication policies. Make sure every employee uses passwords containing letters and numbers, and do not use names or word. Also, make sure that employees do not share their passwords between one another.
4. Moreover, be sure to change passwords every 90 days, and most importantly, delete an employee’s account or change the passwords to critical systems, after an employee leaves your company. This makes it harder for disgruntled employees to damage your systems after they have left.
5. Perform due diligence BEFORE you hire someone. Do background checks, educational checks, etc to ensure that you are hiring good people.
   As you can see, an internal IT threat in an organization is very real. However, if you take the proper precautions you can minimize the opportunity for one of your employees to sabotage your business.

If you have any questions or concerns about security on your network, please call us at 682-4990 or Email Us.

---