New Twist on Insider Crimes

What Happens When Your Trusted Business Partners Are the Threat?

By Linda McGlasson, May 4, 2010.
New Twist on Insider Crimes (Page 2 of 2)

See Also: The Evolution of Advanced Malware

  • Screen Employees -- "It doesn't have to be DOD level clearance, but a screening of personnel should be required," Moore says. In one case, CMU's research found where a person who had a criminal record was handling data as a trusted business partner's employee.

  • Reinforce Policies -- Security procedures and policies should be at least at the same level of the institution, and all employees should be aware and comfortable using them.

  • Monitor Exits -- Termination policies of the trusted business partners should be scrutinized and strengthened, if need. Moore says in many cases of sabotage, the insider was getting back into the organization's networks via backdoors installed on servers, causing damage, often without the business contractor knowing they had access. "If the trusted business partner isn't tracking access of its employees, it won't be able to disable it when the employee leaves the company," Moore notes. Reviewing logs upon an employee's departure may help spot where a back door was installed on a system, most of the sabotage events are done within a month of an employee's termination or resignation.

  • Enforce Separation - insiders can't do fraud if someone else is doing part of the work. For critical transactions, a system of checks and balances should be a familiar process for institutions. People who are entering transactions shouldn't be able to approve them, too.

  • Measure Access -- Be able to monitor the intellectual property to which employees and business partners have access. "Go with the least privilege access level, give only what they need in order to do their job," Moore says.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Infographic: Are You a Breach Victim?

Has your personal information been compromised in a data breach this year? This infographic...

Latest Tweets and Mentions

ARTICLE Infographic: Are You a Breach Victim?

Has your personal information been compromised in a data breach this year? This infographic...

The ISMG Network