How to Protect Against Insider Security Breaches
One of the most common ways of preventing insider security breaches is to have an auditing system in place, which monitors who is doing what within the system. Another method of preventing insider security breaches is to implement a system of job rotation or separation of duties. But Multi-Party Authorization is a better method for proactively preventing insider security breaches because, as Knowledge Center contributor Craig Palmore explains here, Multi-Party Authorization requires two or more people in order to allow access to certain sensitive files.
XYZ Corporation's trusted employee, Harry, scanned his computer screen, whistling through his teeth. "Nearly there now," he thought. "Just a few more clicks and I'll get what I need to know. They're going to pay me for what I find out." Harry's fingers flew over the keyboard, typing in the password. A malicious smile spread across his face as the spreadsheet opened, revealing column after column of sensitive information about all his fellow employees. It took him a while to find the juicy details about his chief rival for the position he wanted.
"I might as well be hanged for a sheep as a lamb," Harry mused. "While I'm here, I'll see what I can find out about Jenny in Accounting; a bit of background might improve my chances with her, too."
In another company across town ...
A new personal assistant named Jeff rolled his eyes at the on-screen request. "You stupid system; I'm allowed to access this file. It's my job to make sure that everyone gets the mail-out inviting them to the holiday party. So I've got to get everyone's home address." Jeff tapped in his password and opened the file. "Dumb machine," he thought. Breezily, he scanned the information that opened up, expecting to see a list of addresses.
"Uh-oh!" he thought as he saw a list of medical details open up instead. "This isn't what I wanted!" A familiar name caught his eye, alongside an embarrassing detail. "I'm in trouble now. He won't want me knowing that!" Hastily, Jeff closed the file and buried his head in his hands. "How am I going to keep what I read there secret and not blurt it out? And how much trouble am I in for getting into a file I shouldn't have accessed?"
These are two examples of how sensitive information within a network can be accessed by unauthorized employees, either deliberately by a malicious insider or inadvertently by an inexperienced operator. Whether it's a trade secret, a private employee detail or something else, sensitive company data is more vulnerable to inside parties who access it than to hackers from outside who try to break into a system to steal information. While the popular image of security breaches is one of bored, intelligent teenagers getting into Pentagon files just for a laugh to see if they can do it, most security breaches are insider jobs.