Wednesday, December 10, 2008

Keeping data secure from internal users

When conducting your annual security assessment, be sure to pay close attention to internal users with access to privileged information. A study conducted over the summer by a California-based security company identified several key findings regarding security breaches from the inside:
  • Security breaches do not manifest only as mishandled data. In some cases, perpetrators targeted specific employees' personal information.
  • Data stolen by insiders is highly likely to be used in a geographically concentrated area, within 20 miles of the scene of the crime.
  • A majority (69%) of stolen IDs were used to fraudulently obtain cell phone services.
  • Almost all of the resulting illicit activity occurred very quickly, within 2 weeks of the theft.
  • The vast majority (80%) of fraudulent activity was perpetrated online.

What does this mean for you?
It means that, while perimeter defenses are important, enforcing sound security policies with staff and associates is absolutely critical. Secure passwords for internal applications (not just for network access) should be a requirement for all users, including executives. Creating local copies of sensitive information should be restricted. And all applications should be reviewed for hidden developer access.

Link to ID Analytics Press Release: Study Reveals Employees' Criminal Misuse of Stolen Identities
