Published July 2001

Danger to data lurks
inside company, too

By Tom Schreier
Computer Q&A

So, you have your network castle walls built up with firewalls and all kinds of intrusion-detection systems and you think you’re safe. Well, sorry to burst your bubble, but it’s not the hackers outside the kingdom that you need to worry so much about as it is your employees.

With the current economic downturn, many companies are tightening their belts, and in the process, many workers are being laid off. This should send up alerts to the information-systems (I.S.) department. Your data could be in danger.

While hackers get all the press, the No. 1 security threat to any company has been and will continue to be inside attacks.

No matter if it is the laid-off employee with an ax to grind or the workers who are left after downsizing. These people have inside knowledge of where the information is and how to get it.

So, what can be done about this problem?

Well, pre-planning is the key to safety. A few steps will go a long way in keeping your private data private.

Account audits need to be done every few months, or maybe even monthly if you have a high rate of employee turnover.

I.S. needs to go through all the accounts on ALL servers and make sure that all of those employees still work for the company — and that their access levels are appropriate for the job they are doing.

When a user changes jobs, more often than not the user’s account is not re-created, but more access to data is granted. There might be a need for this person to access the old job data, but if the user does not need to be on those systems, they need to be locked out.

When layoffs do occur, it is important for I.S. to be involved as soon as the human resources department makes its move. The affected employees’ accounts need to be frozen at the time of the layoff announcement. If management decides to announce on a Monday that some employees will be let go on Friday, then those accounts need to be locked down as much as possible.

Also, full account auditing needs to be installed to make sure that any information that is tampered with has a log file of the offense. If there are shared passwords, those passwords need to be changed as soon as the employee leaves.

The morale of the other employees also can be a problem during layoffs. These workers might be saddled with extra duties or just a general feeling of resentment toward management.

Dealing with this is more of a management responsibility, but I.S. needs to be on guard. With these employees, you cannot cut the access, so the only real defenses are tight controls and good backups.

In summary: only give the access that is needed; maintain up-to-date user accounts; make sure you have usage auditing that could alert to possible problems; and double-check your backup strategies to ensure any damage can be repaired.

Tom Schreier is the Webmaster and Network Security Analyst for The Herald. He can be reached by sending e-mail to schreier@heraldnet.com.

Back to the top/July 2001 Main Menu