5 Human Threats Your IT Department Should Be Scared Of


IT spends a lot of time ensuring that system hardware is up to date and running properly. But the most serious threats to our computer systems today don't come from natural disasters, overheating electrical equipment, or fires. The greatest threat our systems face comes from humans. Here are the five scariest.

1. Employees Inside the Company

There are a number of ways employees can harm or threaten the system, including both intentional and accidental acts. Some are poorly trained, others are negligent, and some are angry with the company for some reason or are simply dishonest people. Former employees are also a threat, especially if they were fired.

The biggest threats these people pose to the system include introducing malware, falsifying or corrupting data, gathering intelligence for another company, stealing information, getting revenge, abusing the computers, or simply causing damage from an accident.

Protecting the company from these employees includes these security measures:

  • Set procedures in place to automatically disable passwords of employees who leave for any reason.
  • Set up multi-level user passwords to allow only authorized personnel to access the parts of the system they need to do their jobs.
  • Enable system alerts to notify key IT staff of an employee's unusual use of the system.
  • Initiate companywide policies to allow for random checks of user activities, email servers, login and logout times, etc. to scan for potential misuse or abuse of the system.
  • Make sure all employees are properly trained to use the system correctly.
  • Consider having human resources run background checks, personality tests, and other methods of identifying potential problem employees before hiring.
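
An added example, not part of the original post: a small Python audit that applies the first and third measures above, checking a list of departed employees against enabled accounts and flagging logins after departure or outside working hours. The user names, log records, and the 07:00 to 19:00 working window are constructed assumptions.

```python
from datetime import datetime, time

# Constructed sample data (not from the original article).
HR_LEAVERS = {"jdoe": datetime(2024, 3, 1, 17, 0)}         # user -> departure time
ACCOUNTS = {"jdoe": True, "asmith": True, "bwong": False}   # user -> account enabled?
LOGINS = [  # (user, timestamp, success)
    ("asmith", "2024-03-04 09:12", True),
    ("jdoe",   "2024-03-05 23:40", True),
    ("asmith", "2024-03-06 02:31", True),
    ("asmith", "2024-03-06 10:05", True),
]
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed normal working hours


def stale_accounts(leavers, accounts):
    """Return accounts still enabled for people HR lists as departed."""
    return sorted(u for u in leavers if accounts.get(u, False))


def login_alerts(logins, leavers):
    """Flag any login attempt by a departed user, and successful off-hours logins."""
    alerts = []
    for user, stamp, success in logins:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        left = leavers.get(user)
        if left is not None and when > left:
            # Any attempt after departure matters, successful or not.
            alerts.append((user, stamp, "login after departure"))
        elif success and not (WORK_START <= when.time() <= WORK_END):
            alerts.append((user, stamp, "off-hours login"))
    return alerts


if __name__ == "__main__":
    for user in stale_accounts(HR_LEAVERS, ACCOUNTS):
        print(f"DISABLE: {user} left but the account is still enabled")
    for user, stamp, reason in login_alerts(LOGINS, HR_LEAVERS):
        print(f"ALERT: {user} at {stamp}: {reason}")
```
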

Accidental human threats, such as an errant keystroke or opening an email containing malware, are more difficult to prevent. Employee training and stressing the importance of security go a long way in preventing these problems.

2. Hackers

Hackers are different from computer criminals, generally because they're motivated by their ego or rebellion instead of ill-gained profits. However, hackers can cause lots of damage by breaking into the system, stealing data, installing malware, or taking down the company's servers by DoS (denial of service) attacks.

Though hackers are more prankster and less criminal, the damage they can inflict shouldn't be ignored. Hackers have cost millions of dollars in damage and taken down numerous large businesses, including large corporations such as Yahoo!, eBay, GoDaddy, and many others. No company is immune.

Protecting the systems from hackers involves the same measures as keeping out criminals. Firewalls and current, up-to-date malware protection are essential. Enable alerts so an IT staff member can immediately detect any attempt to breach the system. Hackers have nothing but time on their hands to try another break-in if the first try isn't successful. But when an IT staff member knows a threat is imminent, he can take steps to further secure the system.

3. Computer Criminals

While hackers are generally pranksters (though still criminals), real computer criminals are out to cause serious harm to your company or to steal information for a profit. Computer criminals often destroy information, steal information, or corrupt information. Sometimes the motivation is bribery or blackmail.

Another scary thing computer criminals do is called spoofing. This involves them setting up a website that looks just like yours and luring your customers and other business interests there instead of to your real site. Here, they can damage your reputation, steal email addresses, and much more.

In addition to the firewalls, malware protection, and vigilant system monitoring by the IT department, companies need to invest time and money into research to detect and prevent spoofing and other criminal activity. Monitor your customer service department's complaints closely to determine if customers have been misdirected to a spoof site or if they're receiving emails that claim to be from your company but aren't. Email your customer base and explain how to identify emails from you and how to always be sure they're going to your website and not a spoof site.

4. Cyber Terrorists

Terrorists don't need bombs and planes to cost U.S. businesses millions of dollars per year. They can break into our computer systems for the purposes of exploiting information, destroying information, installing malware, taking down servers with DoS attacks, and other harmful acts. Terrorists also engage in blackmail with the information they gain.

The most common terrorist threats to companies in the U.S. come from China and North Korea. Much of this cyber terrorism is government sanctioned and funded. Fortunately, the same safeguards put in place to protect the system from hackers and computer criminals can be used to protect it from cyber terrorism. Unfortunately, terrorists have deep pockets and, like hackers, have nothing to do aside from assaulting U.S. economic interests. Make sure your IT department has adequate training to identify and deal with these threats.

5. Industrial Espionage

Industrial espionage comes from foreign companies or governments, and attempts to gain a competitive advantage by stealing information, intruding on company or customer privacy, taking proprietary information, stealing technology-related information, and other acts of espionage.

Fortunately, most of the same techniques protect the system from all of these threats. The most important thing is identifying and employing good risk management strategies, and arming the IT department with the resources and funding necessary to ward off these attacks. Human resources also needs the funding and resources to implement good employee screening and training practices to eliminate potential threats from internal employees.

When it comes to human threats to computer systems, an ounce of prevention truly is worth a pound of cure. The best defense against all these threats is a well-trained, well-supervised IT department. Give them the funding, resources, support, and tools necessary to protect your system from these human threats. Also, offer incentives and rewards for work well done. For example, hold a party for the IT department each quarter they successfully ward off all attacks.

Finally, help your IT department help you by stressing to the human relations department how important it is to hire reliable, trustworthy employees and give them the training they need to be an asset to the company, not a liability.


John Leger has been married for 25+ years and has six children.  He is a self-taught web developer who spends a lot of time learning new technologies and sharpening his skills.  His ability to learn new things quickly has enabled him to skillfully play the guitar, keyboard, flute and bass.  In his off time, he loves to hunt and ski.  He’s also the lead instructor at a Taekwondo Academy in his home town where he teaches classic Chung Do Kwon.