Insider Data Security Issues
Insider data theft, and information leaks caused by carelessness and human error, are a growing problem in businesses of every size and in every industry. Whether through e-mail or IM, unauthorized copying or Web use, sensitive data, confidential information, and intellectual property are escaping from corporate networks and causing millions of dollars in losses.
Data is the lifeblood of every company, and often, it is a competitive advantage and the only thing that differentiates one enterprise from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the enterprise's Information Technology and application systems.
For companies that deal with product designs and prototypes, it is easy to understand how closely their information must be guarded. Strategic plans, corporate road maps, and notes from a brainstorming session could also be valuable to competitors. Personal information - of employees and customers - can be used for identity theft and other types of fraud, if it falls into the wrong hands.
The problem is, many companies devote resources to IT security assuming that the thieves and threats are on the outside, attempting to gain access to the network via malware and hack attempts. They ensure anti-malware and intrusion detection/prevention systems are in place, and restrict network access.
What happens, however, when the internal worker becomes the threat?
Every employee that uses e-mail and the Internet may become a leak, either purposely or - more commonly - inadvertently. A worker who was passed up for a raise or laid off may, in a fit of anger, share some embarrassing information with the press or forward sensitive plans to a competitor.
Even instant messaging exchanges can be used to sneak files or secrets to outsiders. Employees often retain their "buddy lists" as they move from one department to another, or from one employer to the next. Colleagues who IM one another every day could be working for competing firms, and a careless response to "what are you working on?" can be disastrous.
In addition, many hack attempts use social engineering to infiltrate corporate networks. An e-mail that seems to be from your IT admin and requests your login info seems harmless enough, until the hacker at the other end gains entry. The issue is one of education and awareness, and unsuspecting employees become, in essence, potential threats.
The Security Manual Template addresses all of these issues and more.