Thread: Did you know?

  1. #1
    Non-Member
    Join Date
    Apr 2013
    Location
    USA
    Posts
    18

    Did you know?

    Did you know that internal employees are an even bigger threat to your data? Almost 1/3 of the information is breached by the internal employees of the company, incidentally or deliberately. How can it be stopped? Any suggestions?

  2. #2
    SitePoint Enthusiast
    Join Date
    Jun 2013
    Posts
    45
    Being careful about who you give permissions to is a start. It depends on the business you have. Don't give 100% access, not even to the highest-standing admin, and avoid giving sensitive information about clients to anyone who doesn't absolutely need it. Do backups of all data on external hard drives and have them with you!

    I know of a company that got tricked by its chief developer. The guy had a 20% share in the company and still deleted core files on the servers, stole the database, including the clients, and opened his own company one month later.

  3. #3
    SitePoint Zealot
    Join Date
    May 2013
    Posts
    122
    They can be the ideal spies for competing companies. I say that whoever is under your employ, you should give them less than 50% accessibility to all of your business functions. Don't give them access to your highly sensitive files or printed documents. Just like Donald Trump said, "Work with them, but don't trust them."

  4. #4
    Non-Member
    Join Date
    Jul 2013
    Posts
    11
    Yes, of course. That is the reason to never give your employees, even the administrator, 100% access to your personal and confidential information.

  5. #5
    SitePoint Member
    Join Date
    Jul 2013
    Posts
    1
    You can monitor all the activity on employee computer systems by using proxy monitoring software that creates logs of all data transfer activity on a particular system.

  6. #6
    SitePoint Member
    Join Date
    Jun 2013
    Posts
    1
    I'm going to speak from the network administrator's perspective.

    • Controlling physical access to equipment is priority one. If they can't touch it, compromising security becomes increasingly more difficult and easier to track on your IDS.
    • USE AN INTRUSION DETECTION SYSTEM (IDS). Preferably the most active you can afford.
    • Disallow the use of workstations outside of regular shifts. You can do this by policy and through user configuration.
    • Maintain a policy of giving only enough access to each employee so they can accomplish their job.
    • If possible, within each work-group divide responsibilities so that no one has access to all of the files on a project.
    • Separate your internal network (servers, NAS, domain controllers) from your workstation network using a router and very selective ACLs. Preferably your internal network should have its own VLAN(s) as well to further segment access.
    • Maintain a robust NAS, mandate its use. Files left on workstations are a liability. Web 2.0 is your friend this time.
    • Backups, backups, backups. They may think they have bombed your servers, or deleted/altered an important file. But last night's backups ensure you only lost a day's work. Insufficient backups may trigger a "career altering event", and it won't be the happy kind.

    <snip/>
    Last edited by Mittineague; Jul 23, 2013 at 17:16. Reason: please read the FAQ

