In any information security setting there is an elephant in the room that no one likes talking about: the threat posed by employees, more commonly known as the insider threat. This threat is not new, but it has recently gained more prominence in this recessionary period.
When companies are cost-cutting, employees are thrown into uncertainty by impending down-sizing. This makes a company vulnerable to insider attacks. When the eventual layoffs begin, normal controls are dispensed with due to work pressure, necessity and self-preservation. Departing employees take away sensitive company information, especially ICT staff who are privy to critical information systems.
The insider threat has two participants: current and ex-employees. Both have intimate working knowledge of a company’s processes and operations. Current employees have legitimate and up-to-date access to the information systems. They can potentially leak corporate secrets, plant viruses and generally commit covert cyber-crime.
Ex-employees, on the other hand, do not have access to the company’s systems. They cause damage by changing passwords on departure or leaving logic bombs in the system. A logic bomb is malicious software left by a programmer that activates once certain conditions are met. For example, a former ICT staff member can leave software that immediately deletes company sales files if his/her name or staff number is deleted from the payroll.
Controls are therefore crucial and need to be in place to reduce this threat. The first control is having a current and robust security policy that outlines the dos and don’ts when using corporate information systems. This policy must be understood by all new employees. The consequences of ignoring these security policies should be internalized and constantly reviewed. The security policy should be signed by all employees so as to obligate them to good practice and usage of the systems.
Another control against the insider threat is carrying out background checks before hiring employees. Stringent checks should be carried out to detect reasons for previous resignation or termination. Testimonials and academic certificates should be scrutinized for authenticity.
Separation of duties is another effective control. It eliminates the likelihood of employees colluding and circumventing controls. In this regard, monitoring systems should be installed to flag any unauthorized activities. Finally, all network access should be revoked as soon as an employee is terminated. Any company-issued IT equipment should be returned and screened to prevent insertion of logic bombs into the corporate system.
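The last two controls above (monitoring, and revoking access at termination) can be checked together by reconciling HR termination records against the account directory and the authentication log. The following is an added example, not part of the original article; the data formats, usernames and finding names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (hypothetical names and formats, not from the article).
HR_TERMINATIONS = {            # username -> termination time from the HR system
    "jdoe":   "2024-03-01T17:00",
    "asmith": "2024-03-04T12:00",
}
DIRECTORY = {                  # username -> is the account still enabled?
    "jdoe": False, "asmith": True, "bkim": True,
}
AUTH_LOG = [                   # "timestamp user event" lines
    "2024-03-01T09:12 jdoe LOGIN_OK",
    "2024-03-02T23:40 jdoe LOGIN_FAIL",
    "2024-03-04T08:05 asmith LOGIN_OK",
    "2024-03-05T02:17 asmith LOGIN_OK",
    "2024-03-05T09:00 bkim LOGIN_OK",
    "malformed line",
]

def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M")

def offboarding_findings(terminations, directory, log_lines):
    """Return sorted (user, finding, timestamp) tuples for departed staff."""
    ended = {user: parse_time(t) for user, t in terminations.items()}
    findings = set()
    for user in ended:
        # Control: access must be revoked once the employee is terminated.
        if directory.get(user, False):
            findings.add((user, "ACCOUNT_STILL_ENABLED", ""))
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip lines that do not parse
        stamp, user, event = parts
        try:
            when = parse_time(stamp)
        except ValueError:
            continue
        # Control: monitoring flags any sign-in attempt after termination,
        # including failed ones, which show a revoked account being tried.
        if user in ended and when > ended[user]:
            findings.add((user, "POST_TERMINATION_" + event, stamp))
    return sorted(findings)

if __name__ == "__main__":
    for finding in offboarding_findings(HR_TERMINATIONS, DIRECTORY, AUTH_LOG):
        print(*finding)
```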
This elephant is best dealt with immediately and professionally because it has fatally damaged many companies in the past.