Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Enemy Within the Firewall

Posted by ryuzaki0 on from the sowing-dissent-and-distrust-in-the-workplace dept.

Mel Tom writes to tell us The Age is reporting that many businesses are now considering employees a much bigger threat to security than most external threats. From the article: "With email and instant messaging proving increasingly popular and devices such as laptop computers, mobile phones and USB storage devices more commonplace in the office, the opportunities for workplace crime are growing."

8 of 265 comments (clear)

  1. crime opportunities by pretygrrl · · Score: 5, Interesting

    I work for a consulting firm that provides all types of HR services. We get data on client personnel that includes EVERYTHING: SSN's, addresses, spouse info, dates of birth, EVERYTHING
    The article mentions scarce spending on addressing internal security threats: im looking around my office, and there is just nothing you can do! Even if you completely lock down desktops (the latest image was set up as to disable all HW and SW installs), and I personally had an admin pw within days!), there is still email. And loaner laptops.
    I hear that this type of complete personal information fetches $10 per record amongst certain unscrupulous Brooklyn programmers.
    Come think of it... where DID i put all my floppies?

    --
    Contemplate the marvel that is existence, and rejoice that you are able to do so.
  2. Re:This Has Been Why... by ackthpt · · Score: 5, Interesting
    If you trust your employees, you might find a lot less security breaches. Many breaches are only due to an employee with an axe to grind.

    That's a bit naive. Most of our employees are devious little buggers. As soon as no-one is looking they're sending amusing flash/avi/mpeg between themselves, forwarding jokes someone outside sent to their gmail account (and they've cut-n-pasted them into work mail), etc.

    What it really comes down to is establishing a policy and what sanction will be forthcoming on violations. I knew one company that had zero tolerance. A couple sackings and everyone left was quite clear on proper behaviour.

    --

    A feeling of having made the same mistake before: Deja Foobar
  3. Internal security is a double-edged sword. by robyannetta · · Score: 4, Interesting

    If you're a company that respects its employees, rewards them appropriately and values them, do you think internal threats are going to be such a large issue compared to the faceless megaopolies that most American companies have mutated into?

    --
    - Just my $0.02, take with a grain of salt, your mileage may vary.
  4. Biotech by Anonymous Coward · · Score: 4, Interesting


    I work in the biotech biz. We've been warned about Chinese "students" snafing our secrets. Thought it was a lot of tinfoil hat paranoia until we saw logs of HUGE attachments going to Asian hotmail addresses. Guess what some of those attachements were? Research data going straight back to China.

    Needless to say, his worker agreements were terminated and the person shipped back.

  5. Re:And this is new? by hal9000(jr) · · Score: 4, Interesting

    What is new is that apparently some companies are actually starting to get it.

    You don't have to treat your employees like criminals in order to reduce the threat that an insider may pose. You just have to take rational approaches to tighten access.

  6. Re:One thing is sure by truthsearch · · Score: 4, Interesting

    Restricting access to things you do not own is not treating you like a criminal.

    True, but taking my fingerprints and putting them on file at the FBI within the first hour of a new job is criminal treatment. After all the SEC, FBI, and other background checks you still get put on file at the FBI when taking a job at most brokerage firms (at least here in NYC).

    It's beyond technical. At many companies you're treated as if they need to always look over your shoulder. Those cameras aren't there for your benefit. They're there to catch you if you do anything wrong.

    --
    Developers: We can use your help.
  7. Re:One thing is sure by EnronHaliburton2004 · · Score: 4, Interesting

    Where do things like arbitrary background, credit & criminal checks fit in, I wonder.

    At my last 3 jobs (Over 4 years), it was required to take these things. Along with the occasional piss-in-the-cup drug test. At many workplaces, companies are running background checks on existing employees. The tests are a "requirement of your continued employment here at the company".

    Does this make people feel like a criminal?

    --
    94% of Repubs and 21% of Dems voted to renew the Patriot Act
  8. Re:This Has Been Why... by paeanblack · · Score: 3, Interesting

    I've worked at one employer that understood.

    They had separate computers set up in the lounge area for IM, web email, games, etc. They were outside the network, and the rules on using them were very lax. We could do whatever we wanted on them, but IT wouldn't come running all that quickly if they were broken. Basically, it was like having a foosball table, but far more practical.

    The flipside of this policy was that all the other machines were for pure work-related usage...period. Company email was for company business...period. As wierd as it sounds, the employees really liked this setup.

    It's the 21st century...employees have an expectation of being reachable by family and friends when they are on the job, even if it's not a life-threatening emergency. Companies that institute an outright ban on this behavior are living in the past. Companies that let a single computer be used for both personal and professional business are asking for a world of pain.