Stopping the inside job

As the economy suffers, more employees are likely to suffer, too, in the form of layoffs, reduced wages, and other unpleasant changes to their workaday life. This could result in more employees deciding to go for broke and—out of spite or financial desperation—try to take the company down.

One need look no further than Terry Childs, the network manager who refused to hand over the passwords to critical elements of the San Francisco municipal network and crippled the city’s IT infrastructure, according to senior research analyst James Quin of Info-Tech Research Group. “When things are going badly, morale, and then loyalty, can slip a bit,” he said. “As we’re looking at potential mass layoffs, it can throw things off-kilter and the potential for employee theft is definitely there.”

There are ways to prevent these types of nasty occurrences, he said, beginning with background checks on all new employees. “You should do as much (background-checking) as you feel you can get away with without violating people’s rights,” said Quin. This can include education and criminal checks. Even a credit check could be handy—during a down economy, there is always a slight chance that someone in dire financial straits might have ulterior motives.

More from CIO Canada

Beware the rogue emplyee

To keep company data safe during a downturn, its important to practice job segregation, Quin said. “That way, there’s not any one person with too much power,” Quin said.

Keeping an eye on things is also key.

“Audit, audit, audit. Too few people pay attention to logs,” said Quin. “If you get used to capturing images and then building a picture, it’ll be easier to catch a small crime before a big one happens.”

Playing on the idea of rogue employees lurking among the ranks is fast becoming a useful strategy for vendors trying to win those precious budget dollars, said Quin.

CA Inc. and Symantec Corp. are pushing solutions that will be handy in keeping information safe. “There’s no question that it’s an eye-opener,” said Jeff Hayward, vice-president of marketing with CA Canada. “There are inside jobs from disgruntled employees, partners, suppliers, vendors—anyone who can dial in.”

Products like CA’s Web Access Control could help IT managers keep everything under wraps, he said. “Identity management is really critical,” Hayward said. CA, for its part, just bought Orchestria Corp., a data loss protection company.

Rick Maddox, senior product marketing manager with Symantec, said that consideration of internal threat was definitely there during the planning stages of the latest version of the recently released Endpoint Encryption 7.0. “The administration console allows the IT manager to identify who actually needs to have access to which files instead of just giving access to everybody,” Maddox said.

The product also generates logs for IT managers to scan for wrongdoing, and offers a wiping feature that allows admins to remotely wipe devices lifted by scheming employees. “Laptops and mobile devices continue to be stolen, and we recognize that, rather than trying to stop that, we can figure out how to protect the data first,” said Maddox.

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now