November 2008

Employees who experience monetary stress may unleash unexpected behavior, especially when they have access to information that can fetch a price or be used to buy merchandise. Not only is the economy a factor, but the upcoming holidays will present added pressure. Companies will need to be mindful of disgruntled employees who have been laid off and may be out for revenge. They can create havoc by sabotaging network access, destroying sensitive company information or anonymously releasing that information to the public. Any one of these incidents could hurt your business.

Now is the time for proper oversight and adherence to polices that protect your data. Disable access for terminated  employees immediately, track employee access to critical data, and block or establish strict policy regarding data transfers to removable media devices. Those with privileged user rights or administrative access rights should also have the required oversight to ensure sensitive data is not being exploited.

Last July, a San Francisco city network administrator was arrested for holding the network hostage when he was about to be fired for alleged poor performance. At that time, it was said that he may have installed the means to electronically destroy sensitive documents. He was accused of computer tampering, creating a single password, and denying other administrator access to the city’s network.

An employee that feels retaliation against their employer is justified should not be underestimated. And although no one can control the actions of an employee spurred by motive, it’s your job to limit their opportunity as much as possible. One example of due diligence is to  obtain an independent, outside audit of your information systems and Web facing applications. Clarksville Gas and Water Department revealed last month that they had done this for the first time. It disclosed that “terminated employees were able to retain access to critical information and that password requirements were too lax.” They also found that their payment Web site may not have been fully secure. This information is invaluable for keeping information secure and will ensure business continuity for employees and customers.

An ongoing option to protect against external and internal attacks is to implement NCX Group’s managed security services with a monitored intrusion detection system in place.NCX Group has helped many companies tighten their security controls. We discover areas vulnerable to attack and provide oversight and guidance for smaller organizations who don’t have the personnel on staff to ensure proper security measures are being performed.

If your company is experiencing financial hardships, the last thing you need is a data breach or sabotage event. Know who has access to critical systems and where your information is going. NCX would like to help you ensure it will stay protected. We would be happy to discuss your needs and provide a quote to identify where you may be vulnerable.

For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.