IT spends a lot of time ensuring that system hardware is up to date and running properly. But the most serious threats to our computer systems today aren't from natural disasters, overheating of electrical equipment, or fires. The greatest threat our systems face comes from humans. Here are the five scariest.
There are a number of ways employees can harm or threaten the system, including both intentional and accidental acts. Some are poorly trained, others are negligent, and some are angry with the company for some reason or are simply dishonest people. Former employees are also a threat, especially if they were fired.
The biggest threats these people pose to the system include introducing malware, falsifying or corrupting data, gathering intelligence for another company, stealing information, getting revenge, abusing the computers, or simply causing damage from an accident.
Protecting the company from these employees includes these security measures:
Accidental human threats, such as an errant keystroke or opening an email containing malware, are more difficult to prevent. Employee training and stressing the importance of security go a long way in preventing these problems.
Hackers are different from computer criminals, generally because they're motivated by their ego or rebellion instead of ill-gotten profits. However, hackers can cause lots of damage by breaking into the system, stealing data, installing malware, or taking down the company's servers with DoS (denial-of-service) attacks.
Though hackers are more prankster and less criminal, the damage they can inflict shouldn't be ignored. Hackers have caused millions of dollars in damage and taken down numerous large businesses, including corporations such as Yahoo!, eBay, GoDaddy, and many others. No company is immune.
Protecting the systems from hackers involves the same measures as keeping out criminals. Firewalls and up-to-date malware protection are essential. Enable alerts so an IT staff member can immediately detect any attempt to breach the system. Hackers have nothing but time on their hands to try another break-in if the first try isn't successful. But when an IT staff member knows a threat is imminent, he can take steps to further secure the system.
While hackers are generally pranksters (though still criminals), real computer criminals are out to cause serious harm to your company or to steal information for a profit. Computer criminals often destroy information, steal information, or corrupt information. Sometimes the motivation is bribery or blackmail.
Another scary thing computer criminals do is called spoofing. This involves them setting up a website that looks just like yours and luring your customers and other business interests there instead of to your real site. Here, they can damage your reputation, steal email addresses, and much more.
In addition to the firewalls, malware protection, and vigilant system monitoring by the IT department, companies need to invest time and money into research to detect and prevent spoofing and other criminal activity. Monitor your customer service department's complaints closely to determine if customers have been misdirected to a spoof site or if they're receiving emails that claim to be from your company but aren't. Email your customer base and explain how to identify emails from you and how to always be sure they're going to your website and not a spoof site.
Terrorists don't need bombs and planes to cost U.S. businesses millions of dollars per year. They can break into our computer systems for the purposes of exploiting information, destroying information, installing malware, taking down servers with DoS attacks, and other harmful acts. Terrorists also engage in blackmail with the information they gain.
The most common terrorist threats to companies in the U.S. come from China and North Korea. Much of this cyber terrorism is government-sanctioned and funded. Fortunately, the same safeguards put in place to protect the system from hackers and computer criminals can be used to protect it from cyber terrorism. Unfortunately, terrorists have deep pockets and, like hackers, have nothing to do aside from assaulting U.S. economic interests. Make sure your IT department has adequate training to identify and deal with these threats.
Industrial espionage comes from foreign companies or governments attempting to gain a competitive advantage by stealing information, intruding on company or customer privacy, taking proprietary information, stealing technology-related information, and other acts of espionage.
Fortunately, most of the same techniques protect the system from all of these threats. The most important thing is identifying and employing good risk management strategies, and arming the IT department with the resources and funding necessary to ward off these attacks. Human resources also needs the funding and resources to implement good employee screening and training practices to eliminate potential threats from internal employees.
When it comes to human threats to computer systems, an ounce of prevention truly is worth a pound of cure. The best defense against all these threats is a well-trained, well-supervised IT department. Give them the funding, resources, support, and tools necessary to protect your system from these human threats. Also, offer incentives and rewards for work well done. For example, hold a party for the IT department each quarter they successfully ward off all attacks.
Finally, help your IT department help you by stressing to the human relations department how important it is to hire reliable, trustworthy employees and give them the training they need to be an asset to the company, not a liability.