Eze Castle Integration

Hedge IT Blog

The Biggest Security Threat to Your Firm Might Be Sitting Next to You

By Kaleigh Alessandro,
Thursday, May 17th, 2012

Just last week, we talked about network security threats and the best practices your firm can employ to keep information safe. You probably think that your security efforts should be focused on the outside - on external risks. But the reality is that the biggest security threat to your firm could be the person sitting right next to you.

During our recent webinar, both eSentire’s Steve McGeown and Eze Castle’s Steve Schoener noted that internal threats to security are just as likely to occur when it comes to cybercrime and security breaches.

A recent Wall Street Journal article, "IT Protects the Company, Who Protects IT," included statistics from a PricewaterhouseCoopers survey of executives about economic crimes. Several jarring statistics were provided, including:

  • 56 percent of respondents who said they had experienced economic crime in the past 12 months said the main perpetrator of the most serious fraud was someone inside the organization;

  • 53 percent of respondents who saw a risk of cybercrime within their organization said there was a risk of it coming from the IT department – the highest percentage from any department; and

  • 18 percent of frauds reported by respondents in 2011 were detected by electronic monitoring of suspicious activity and transactions, up from 5 percent in 2009.

But it’s not just a firm’s IT department that could pose a risk. Anyone at the company with a certain level of access could gain control of sensitive information. This is why we recommend firms employ the principle of least privilege. In its simplest terms, this means only allowing access to data, documents and resources to personnel who need it. Members of the IT staff likely need more access than employees in the Human Resources or Marketing departments, for example.

We’ve talked about these before, but here are a few internal security best practices to keep in mind:

  • Maintain a strong password policy. In addition to creating a strong password and changing it frequently, be sure not to write it down or give it out. Creating a tough password means nothing if it can be easily discovered by a coworker. And remember, "password" is not a good password.

  • Use multi-factor authentication. In order to access certain systems or data, your firm should employ at least two-factor authentication practices. This means that in addition to providing a password for access, employees would also need to provide a separate PIN, for example. For access to a data center, firms may want to use biometric screening as a second authenticator.

  • Take control of company-sanctioned mobile devices. What about when an employee leaves the firm? Can he/she still access company data and information from their mobile device? It’s important to remember that even if an employee leaves, access may not be automatically terminated. Firms should ensure they restrict access when employees leave and are also able to wipe devices remotely if necessary.

Just remember: when it comes to protecting your company’s sensitive information, don’t just train your eyes outward. Look inside too.


Source: Wall Street Journal
Photo Credit: eHow

Categorized under: Security  Trends We're Seeing 


