RSS
Article Type: 
Quick Guides

Insider security threats: top tips

Article Date:  Jul 04 2008

The recent exposure of insider trading at The Body Shop demonstrates that the greatest security threats to a business can come from within. Martin Baldock, general manager at IT forensics company Data Genetics International, gives his top tips for guarding against the risks.

This week City regulators fined a former Body Shop employee £85,000 for insider trading before the company issued a profit warning in January 2006. John Shevlin, an IT helpdesk worker at Body Shop, had hacked into senior executives’ confidential emails and accessed a draft of the profit warning that the group was about to issue to the stock market. He then borrowed £29,000 – more than his annual salary – to take out short positions on Body Shop shares, netting £38,000 profit.

Security efforts are often expended disproportionately on preventing external IT breaches while potentially catastrophic internal threats are overlooked or ignored. So what can companies do to minimise the ‘insider threat’?

1. Be sceptical
Criminality and deception in the workplace are commonplace, a fact that is not taught at most business schools, nor considered in many contingency plans. Do not underestimate the determination of the fraudster or hacker to subvert or circumvent the control environment.

2. Don’t rush in
If the worst happens, prevent any instinctive and ill-considered responses to the situation and stick to a pre-prepared incident response plan. Confronting any suspect before all of the available evidence has been assembled can compromise the chances of a successful resolution.

3. Test existing systems
Never presume that existing controls and safeguards are effective. Systems are often wrongly configured while procedures are blithely ignored or not followed correctly or with any real comprehension. Consider also that the fraudster or crooked employee may be responsible for devising the controls, managing them, implementing them, enhancing or upgrading them.

4. Beware times of change
Emerging technologies, procedures, methods, products and business alliances bring with them new and often unexpected risks. Sudden changes and periods of rapid uncontrolled expansion are especially dangerous.

5. Don’t forget external threats
Remain vigilant, assess your defences and enhance them if necessary. Hackers, saboteurs, vandals, fraudsters and virus writers who dwell beyond the firewall are a clear and present danger, but are, generally speaking, minor irritants compared to the devastation that a malevolent employee can inflict.

There’s a well-known saying in the investigations industry: ‘There are no small frauds, just ones that have not had the time to grow as yet.’ Experience suggests that whenever a disgruntled employee finds a way around internal controls, perhaps just as a shortcut initially, he or she will exploit it to its full extent over time.

Comments 

There are currently no comments on this article

Sign up and get...

  • Regular GrowthBusiness newsletters
  • Post comments on articles
Sign up

Cut your speed to market and your costs!

FedEx Express has now created an account tailored perfectly for new small businesses. Instant account setup, online shipping, proof of delivery and an immediate discount of up to 15% off standard rates. Speed up your supply chain and gain the edge on your competitors! Visit: www.fedex.com/gb/smallbusiness

Looking to recruit?

Whichever role you are looking to fill you can be sure that Adecco only selects those candidates with a 'Can Do, Will Do, Will Fit' attitude. Better visit the people finding the people for London 2012.

Want help meeting your business objectives?

The Open University allows your staff to develop quickly, while causing minimal disruption to business operations. We can create solutions that help you to develop talent, increase professional skills and resolve business critical matters. Click to find out more.

Research

  • Creative businesses face ‘analysis gap’

    From video games developers to firms of architects, creative businesses of all kinds struggle to get adequate financing due to a misconception that they cannot be analysed systematically, claims a new report. The study comes from the Centre for Creative Business (CCB), a joint venture between London Business School and University of the Arts London.

Directors' Pay on AIM 2008

What is the average AIM company paying its chief executive? Who are AIM’s highest- and lowest-paid chief executives?

Global Technology Review 2008

Who are the world’s 200 most influential IT companies across sales, revenue growth, profits and net margins? Read more in the Global Technology Review 2008

More

Events Calendar

Investor AllStars 2009

23rd September, London Hilton, Park Lane

The CANACCORD Adams Media Magnate Awards 2009

26th March, Vinopolis, London

Rosenblatt New Energy Awards 2010

25th February, Natural History Museum, Cromwell Road, London SW7 5BD

More

More Quick Guides: Technology in Business

Data wipe

Failing to protect sensitive information could have devastating effects for your company, says Tony Dearsley, computer forensics manager at Kroll Ontrack.

So what is Web 2.0 anyway?

This handy jargonbuster explains what Web 2.0 is and how it might be relevant to you and your business.

Interest-free IT

IT vendors are fighting the downturn with zero-interest finance deals. We take a look at what's on offer.

Advertisement

Related articles

Firms urged to fight swine flu threat

Seating employees one metre apart and offering key staff taxis to work are among the measures suggested for combating swine flu by hygiene specialist Byotrol.

NCC secures Next Generation acquisition 

An IT security specialist has completed its third acquisition in 15 months after unveiling its takeover of Next Generation Security Software.

Ultra’s Weed Instrument deal 

A London-based electronic systems supplier to the aerospace industry has expanded its US operations by acquiring a company in Texas.

Fraud to rise in downturn

Business fraud is set to increase as companies and individuals struggle to make ends meet. Michael Mulligan of law firm Halliwells looks at how you can protect your business.

Poll

Are you seeing green shoots?



Have your vote on current issues

People who read this also read

  • Business card bliss

    Every mover and shaker knows that you don’t make a business a success by sitting behind your desk thinking about strategy.

  • Q&A: Choosing the right IT support

    I’ve had a few problems with my computers over the past year – bigger problems than I’ve been able to fix and it’s cost me a packet. I now realise we should get some IT support. How do I go about choosing someone reliable and not too expensive? Are there professional certificates that they should have for example?

  • Reducing currency exposure

    Piers Cracknell, commercial director of currency specialist Moneycorp, comments on the pound’s heavy fall against the dollar and assess its probable impact on growing businesses.


  • Why HR makes you sick

    Human resources (HR) professionals are most likely to become ill as a result of work, according to research.

  • Recording phone calls: what you need to know

    From March next year, UK financial institutions will have to record phone calls relating to client orders.

White Papers

10 Steps to a Successful CRM Implementation

Follow these 10 steps to help ensure that your CRM implementation is a success, from the planning stages to post-deployment improvements.

12 Key Points to Consider When Selecting a Network Scanning Solution

Discover the 12 key points your company should consider before you evaluate and select a vulnerability assessment solution.

15-Minute Guide to Elevating the Customer Experience Through Statements

This guide focuses on the importance of customer statements, in particular the vital role they can play in marketing an organization's products and services, building and maintaining brand awareness, and reducing customer service costs.

More

Take part in our competition and win a laptop

Growthbusiness.co.uk has teamed up with Insurantz.com to find out from you the secret of your business's longevity.

– Is it having a knack for hiring the right people or knowing that if you want something done properly, you need to do it yourself?

– Are you adept at reacting to changing market conditions and going the extra mile for your customers?

– Have you always had a keen eye for the numbers or made sure you have someone on board who does?

If your business has proven itself over a number of years, or if you know of a great local business and think it should be entered, then we want to hear about it!

A judging panel will draw up a shortlist of entrants for you to vote on to decide who will become the Growth Business Local Legend.

The winning company will receive computer equipment worth up to £500, plus £1,000 of business insurance (or free business cover up to an annual premium of £1,000 for larger businesses) all courtesy of our partners at Insurantz.com.

All shortlisted businesses will receive marketing collateral to promote your entry and encourage support from your customers and business associates. Everyone who enters the competition will automatically receive a 10% discount voucher code off insurance products bought from Insurantz.com.

To access the discount voucher code, please complete the survey.

At Insurantz..com, we encourage entrepreneurship, so start-up businesses are not charged extra when other insurers may decline or charge more. Insurantz.com offers a double-the-difference price guarantee on premiums where a better deal is found within 14 days of the cover start date.

Terms and conditions apply

Click here to enter the