Insider security threats: top tips
Article Date: Jul 04 2008The recent exposure of insider trading at The Body Shop demonstrates that the greatest security threats to a business can come from within. Martin Baldock, general manager at IT forensics company Data Genetics International, gives his top tips for guarding against the risks.
This week City regulators fined a former Body Shop employee £85,000 for insider trading before the company issued a profit warning in January 2006. John Shevlin, an IT helpdesk worker at Body Shop, had hacked into senior executives’ confidential emails and accessed a draft of the profit warning that the group was about to issue to the stock market. He then borrowed £29,000 – more than his annual salary – to take out short positions on Body Shop shares, netting £38,000 profit.
Security efforts are often expended disproportionately on preventing external IT breaches while potentially catastrophic internal threats are overlooked or ignored. So what can companies do to minimise the ‘insider threat’?
1. Be sceptical
Criminality and deception in the workplace are commonplace, a fact that is not taught at most business schools, nor considered in many contingency plans. Do not underestimate the determination of the fraudster or hacker to subvert or circumvent the control environment.
2. Don’t rush in
If the worst happens, prevent any instinctive and ill-considered responses to the situation and stick to a pre-prepared incident response plan. Confronting any suspect before all of the available evidence has been assembled can compromise the chances of a successful resolution.
3. Test existing systems
Never presume that existing controls and safeguards are effective. Systems are often wrongly configured while procedures are blithely ignored or not followed correctly or with any real comprehension. Consider also that the fraudster or crooked employee may be responsible for devising the controls, managing them, implementing them, enhancing or upgrading them.
4. Beware times of change
Emerging technologies, procedures, methods, products and business alliances bring with them new and often unexpected risks. Sudden changes and periods of rapid uncontrolled expansion are especially dangerous.
5. Don’t forget external threats
Remain vigilant, assess your defences and enhance them if necessary. Hackers, saboteurs, vandals, fraudsters and virus writers who dwell beyond the firewall are a clear and present danger, but are, generally speaking, minor irritants compared to the devastation that a malevolent employee can inflict.
There’s a well-known saying in the investigations industry: ‘There are no small frauds, just ones that have not had the time to grow as yet.’ Experience suggests that whenever a disgruntled employee finds a way around internal controls, perhaps just as a shortcut initially, he or she will exploit it to its full extent over time.
