Protect your business against internal security threats

To hear a cyber security specialist tell it, the person behind one of the most high profile security breaches was an employee. Or at least a former employee. According to John McAfee, it was evident, based on the data released, that the hacker was intimately familiar with the technology stack of the company.

“This is not just someone copying a table and making into a .csv file,” he said in an article for the International Business Times. “Hackers rarely have full knowledge of the technology stack of a target.”

Whether or not McAfee’s assessment is correct, the ability of someone to get beyond the company’s security was damaging for a company that touted secrecy. As a result, the personal information of more than 32 million Ashley Madison members was posted.

The lesson in all this? It could happen to any company. Actually, more than one in four enterprise data security incidents are a result of internal issues, according to the PWC 2014 U.S. State of Cybercrime Security.

It’s not enough to look around your company to see if someone “looks” suspicious or not. Establish data security protocols that takes into account not only the threats outside your building, but those within — whether malicious or unintentional.

Here are 3 areas to address when establishing security measures:

1. 1. Termination policies. Unfortunately, there comes a time when a company may need to part ways with an employee. And it may not be pleasant. That’s when you’re most vulnerable to acts of retaliation from a disgruntled employee. Adopt an HR policy that calls for the immediate confiscation of the employee’s equipment and his or her access to the company’s VPN, email servers, and other company resources.

2. Strength of passwords. It can’t be stressed enough. Strong passwords are still key to protecting yourself against a security breach that could have been easily avoided with better employee practices. Develop and enforce a strong password policy across the company.

3. Encryption processes. Establishing strong data and email encryption can provide another measure of security against internal weaknesses that lead to breaches. Use strong encryption measures to protect data.

For 15 years, Lifeline Data Centers, a wholesale colocation center, has been helping companies improve their uptime and keep their operating expenses under control. Contact us to learn what we can do for you.

Other resources:

• Infographic: The 22 Data Center Compliance Acronyms You Need to Know
• White Paper: Why Data Center Compartmentalization is Important
• Lifeline One Sheet: What You Need to Know About Lifeline Data Centers

Alex Carroll

Managing Member at Lifeline Data Centers

Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.