Tip of the Week: How to Avoid an Internal Breach

internal breachWhat two things do Robert Hanssen, Pfc. Bradley Manning, and recently in the news, Edward Snowden, have in common? First, they leaked classified U.S. information, whether they were spies and sold U.S. Intelligence to adversaries or leaked classified information to the media, they all had access to important sensitive information and gave it to unauthorized sources. This brings us to the second thing they have in common–they all came from the inside.

The ultimate betrayal is one that comes from trusted friends, those you keep close and tell your secrets. Unfortunately, the U.S. government is not the only entity that suffers from internal breaches. In fact, studies show that 60 percent of all breaches happen from the inside. Most of these are probably due to negligence, but small business owners can never be too careful.

In a high-profile identity theft case, a small business owner lost more than $100 million due to a disgruntled former employee. This employee had access to sensitive information on his laptop and after getting fired, downloaded thousands of consumer credit reports and sold them to identity thieves. The thing is, this employee still had access to this information because the business owner forgot to cancel his password.

The recent influx of portable devices such as smartphones, tablets and laptops is a growing concern because security on these items is difficult to manage. It could be a huge security risk if someone were to lose their device that held sensitive information.

There are things you can do above and beyond the normal security measures to avoid an internal breach.

How to avoid an internal breach.

  • Conduct background checks–don’t just look for criminal backgrounds but also try to contact as many former employers as possible.
  • Control employee access to sensitive information–employees should only have access on a need-to-know basis.
  • Have clear policies in place–it will help employees know what they can and can’t do.
  • Focus on on-going training–It is important for employees to understand security basics so that they don’t cause a breach out of ignorance or negligence.
  • Encourage all employees to be vigilant–Neighborhoods often put together special watches to guard against crime and the same thing can happen in the work place. Have employees watch and report suspicious activity.
  • Remember to cancel passwords–When an employee stops working for you or no longer needs access to sensitive information, make sure to cancel his/her passwords or other avenues of obtaining information. If they don’t need to know it for the job they are doing, they don’t need access.

By implementing these few tips along with the regular security measures you have in place, you can minimize your risk of a security breach, especially from the inside.


Speak Your Mind