The Enemy Within the Firewall

Mel Tom writes to tell us The Age is reporting that many businesses are now considering employees a much bigger threat to security than most external threats. From the article: "With email and instant messaging proving increasingly popular and devices such as laptop computers, mobile phones and USB storage devices more commonplace in the office, the opportunities for workplace crime are growing."

crime opportunities

[pretygrrl]

I work for a consulting firm that provides all types of HR services. We get data on client personnel that includes EVERYTHING: SSN's, addresses, spouse info, dates of birth, EVERYTHING
The article mentions scarce spending on addressing internal security threats: im looking around my office, and there is just nothing you can do! Even if you completely lock down desktops (the latest image was set up as to disable all HW and SW installs), and I personally had an admin pw within days!), there is still email. And loaner laptops.
I hear that this type of complete personal information fetches $10 per record amongst certain unscrupulous Brooklyn programmers.
Come think of it... where DID i put all my floppies?

Re:This Has Been Why...

[ackthpt]

If you trust your employees, you might find a lot less security breaches. Many breaches are only due to an employee with an axe to grind.

That's a bit naive. Most of our employees are devious little buggers. As soon as no-one is looking they're sending amusing flash/avi/mpeg between themselves, forwarding jokes someone outside sent to their gmail account (and they've cut-n-pasted them into work mail), etc.

What it really comes down to is establishing a policy and what sanction will be forthcoming on violations. I knew one company that had zero tolerance. A couple sackings and everyone left was quite clear on proper behaviour.