Insider Threat: How to Protect Your Business from Your Own Employees

It’s trite to write that the company’s data and customer base are the main assets of any business in the 21st century. However, the attitude to these assets is still careless: a sales manager can steal some part of the database and sell it, as well as sell himself too, as an option. Security in the corporate sphere is limping on both legs. This is happening all over the world, from London to Sydney. Employees and insiders are paying their revenge, making a profit on other people’s data, or just doing harm to their former bosses for their own reasons. The frequency of such events makes us stop, think, and sketch out Plan B.

“Well, we have a total of 2000 customers in our database, what a value!”, “C’mon, who the heck needs it?” – are the common answers to this question.

Let’s see an example of 2000 customers of a transportation company. The statistics say that winning a client in this niche costs 98 dollars. The company invested 196,000 dollars in acquiring those customers, besides that there are also customer service and retention costs. And then the company manager resigns and takes away the client base to the competitors (since the competitor has been looking for an employee with “business contacts,” right?) Just for as little as the monthly salary; they got a warm client base. It is enough now to make a discount or a bonus to those clients, and you get their loyalty.

Who is guilty here? The salesman? A sysadmin? No, the owner is guilty, he did not invest in protecting the most valuable asset of their business: the customer base. (Or the second most important asset, because someone will say that the most valuable asset is the people.)

Now imagine what (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban. Read the original post at: