Is your company at risk?
Judy didn’t mean to jeopardize her company’s future when she asked her employer if she could take home two old computers from the store room for her teens and later sold both at a garage sale for $25 each. The happy buyer, however, found intriguing company information that she gave her husband, who worked for Judy’s company’s largest competitor.
Last year, a local business that relied on one IT manager to handle all their technological needs found out how much trouble an IT geek can make. When the general manager disciplined “Jeffrey,” he changed everyone’s passwords and locked key managers off the Internet. Outraged, the general manager fired Jeffrey but not before he turned off the entire company’s Internet link.
“Katie” wreaked similar havoc. Her company found themselves in IT hell for three months while Katie worked massive amounts of overtime fixing problems. No one realized that Katie manufactured the problems allowing her to attain heroine status and time and a half pay. Luckily, Katie caught cold and had to stay home, allowing her company’s computer system to get well.
Scary stories? Not according to Digital Securus’s CEO Glen Klinkhart. Klinkhart recently spent two hours buying used hard drives from pawn shops and garage sales. From these hard drives, many purchased for $5, Klinkhart gleaned mutual fund, credit card and online banking account information, internal company sales information and even the software, passwords and instruction manual needed to print one company’s checks.
Says Digital Securus’s Chief Information Officer Mike Messick, “the best computer or company security on the planet can be undone by one stupid move,” citing how President Obama’s Marine-1 helicopter plans turned up on a computer in Iran because a government contractor had installed peer to peer file-sharing software on a computer. “People don’t realize that when you download free movies and other information from the Internet, others on the internet may be able to access information on your computer as well.”
“At home you close your windows, lock your house, ask your neighbors to keep an eye on things and take other measures to make your house less a target for thieves,” says Klinkhart because “what good does a security system do if you leave your door wide open?” Companies with sophisticated technological protections make the same “door open” error says Messick “when they fail to invest in basic information security concepts like policies and employee awareness. All it takes is for one employee to take sensitive information home at night or email it to their internet account, and the entire company is put at risk.”
Equal devastation can occur, says Klinkhart, happen when you put your company’s entire technological needs into the hands of one IT manager. “What most employers don’t realize is that they’ve just given this one potentially eccentric individual the keys to the kingdom. It’s great when it works, but the person on his best behavior you hire isn’t the one you may ultimately need to discipline or fire. If this IT-sophisticated individual becomes disgruntled, he can take your company down. He can lock all your passwords, remove all your accesses and make sure the bits and bytes don’t go off in the right ports.”
Messick has seen situations in which a disgruntled former IT employee mysteriously deleted company files by coming in through a remote access port he still had access into and a ticked off IT manager who walked into a server room and shut down critical systems, causing tens of thousands of dollars in lost revenue to the company. “It’s pretty serious,” he says, “companies spend most of their resources protecting from outsiders, and don’t give enough attention to insiders who have the knowledge and access to cause extreme damage.”
Is your company at risk from an inside job that could turn your company inside out? If so, consider how you’ll close your “wide open” door.