In the PART 1, we discussed how non-malicious employees can disrupt business continuity. This post will focus on the malicious or rogue employee and outline what you can do to obstruct an inside job.
First off, many wonder just how big of a problem is posed by rogue employees? Take a look at these recent findings:
Now let’s be honest here. Publicly admitting that a breach is the result of the malicious actions from an employee has got to be rather..um…unpleasant.
Of course that’s assuming the company is even aware that they have a malicious employee among them. If systems are not disrupted, rogue employees might still be operating silently within the perimeter. In short, our gut feel here is that the problem might be bigger than what is reported.
What’s the recommended protection strategy?
For the record, we absolutely do not condone that bosses suspect of all employees all the time. But there are a few technological and operational steps you can take to make the job of a would-be malicious employee much much more difficult.
As with securing against non-malicious employees, your secret weapon here is a layered defense strategy. Layering your protection can protect a business’s critical assets, even from non-malicious employees.
There are a number of policies you can enforce within your organization to help protect your systems from being compromised by malicious – and indeed non-malicious – employees:
The main take-away is to ensure that you make it as difficult as possible for any one person to steal sensitive information or breach business-enabling systems.
Complementing your operational policies with appropriate security software and network configurations is a key approach to protecting the systems from an attack from a rogue employee:
The point here is you want to discourage malicious behavior. But if the malicious employee is set on this path, you want to catch them before he/she causes any damage your network’s integrity and data confidentiality.
Ultimately, what routes you take when it comes to security entirely depends on what you are trying to protect.
Some of these steps might seem daunting to IT departments with fewer internal resources or specialist security gurus, but that does not mean you should ignore the problem. There are many reputable security consultants, like TBG Security, out there who can help you prioritise your security implementations.
About TBG Security Inc.
TBG Security is a leading provider of information security and risk management solutions for Fortune 100 and Fortune 500 companies. TBG designs and delivers cyber security solutions to work in harmony with existing operations. Companies depend on TBG services in areas including risk management, penetration testing, security policy development, security strategies for compliance, business continuity, network security, managed services, software and service integration and incident response.
For more information on how TBG Security can help your organization with your information security initiatives please visit https://tbgsecurity.com.