How to Protect Against Insider Security Breaches

 
 
By Craig Palmore  |  Posted 2010-01-20 Print this article Print
 
 
 
 
 
 
 

One of the most common ways of preventing insider security breaches is to have an auditing system in place, which monitors who is doing what within the system. Another method of preventing insider security breaches is to implement a system of job rotation or separation of duties. But Multi-Party Authorization is a better method for proactively preventing insider security breaches because, as Knowledge Center contributor Craig Palmore explains here, Multi-Party Authorization requires two or more people in order to allow access to certain sensitive files.

XYZ Corporation's trusted employee, Harry, scanned his computer screen, whistling through his teeth. "Nearly there now," he thought. "Just a few more clicks and I'll get what I need to know. They're going to pay me for what I find out." Harry's fingers flew over the keyboard, typing in the password. A malicious smile spread across his face as the spreadsheet opened, revealing column after column of sensitive information about all his fellow employees. It took him a while to find the juicy details about his chief rival for the position he wanted.

"I might as well be hanged for a sheep as a lamb," Harry mused. "While I'm here, I'll see what I can find out about Jenny in Accounting; a bit of background might improve my chances with her, too."

In another company across town ...

A new personal assistant named Jeff rolled his eyes at the on-screen request. "You stupid system; I'm allowed to access this file. It's my job to make sure that everyone gets the mail-out inviting them to the holiday party. So I've got to get everyone's home address." Jeff tapped in his password and opened the file. "Dumb machine," he thought. Breezily, he scanned the information that opened up, expecting to see a list of addresses.

"Uh-oh!" he thought as he saw a list of medical details open up instead. "This isn't what I wanted!" A familiar name caught his eye, alongside an embarrassing detail. "I'm in trouble now. He won't want me knowing that!" Hastily, Jeff closed the file and buried his head in his hands. "How am I going to keep what I read there secret and not blurt it out? And how much trouble am I in for getting into a file I shouldn't have accessed?"

These are two examples of how sensitive information within a network can be accessed by unauthorized employees-either deliberately by a malicious insider or inadvertently by an inexperienced operator. Whether it's a trade secret, private employee detail or something else, sensitive company data is more vulnerable to inside parties who access it rather than to hackers from outside who try to break into a system to steal information. While the popular image of security breaches is one of bored, intelligent teenagers getting into Pentagon files just for a laugh to see if they can do it, most security breaches are insider jobs.



 
 
 
 
Craig Palmore is a co-founder and the Director of Business Development at Engedi Technologies. His prior experience includes a variety of leadership positions in finance, technology and engineering companies. Before co-founding Engedi, Craig was a manager in the financial risk management group at PricewaterhouseCoopers. Prior to that, Craig worked at KMV Corporation, where he was responsible for marketing, sales, training and product support to clients representing commercial and investment banks. Earlier, at Swiss Bank Corporation, Craig assisted in the credit management of industry portfolios. Craig also co-founded an engineering consulting company in the early 1990s. Most recently, he was a co-founder of a financial technology company in New York City, serving the needs of commercial banks and fund managers. Craig received a B.S. in Civil Engineering from the Virginia Military Institute, and served six years active duty with the United States Navy Civil Engineer Corps, with duty assignments in Washington DC, Antarctica, Micronesia, and Hanoi, Vietnam. Craig is a licensed Professional Engineer in the State of Virginia, and received his MBA from the Fuqua School of Business at Duke University. He can be reached at palmore@engedi.net.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel