In a recent survey by Vormetric a whopping 89% of respondents said they felt their company was at risk from insider attack, with 34% saying they felt very or extremely vulnerable.
Senior management are most concerned by the potential for damage, caused either maliciously or through neglect, by trusted employees. This anxiety is supported by the Ponemon Institute who reported that 62% of employees have access to company data they shouldn’t.
To help reduce risk to exposure companies might want to consider:
- Who specifically requires access to particular information and what for (can the information they require be found from another source)
- What controls are in place to limit access to only those who need it to carry out their job roles
- How to identify unauthorised access
- What information is of value to others
In order to be productive companies need to give employees freedom to work without impediment. Balancing access to information whilst protecting what’s confidential can be achieved through the introduction of simple security systems, including the evaluation of risk from electronic eavesdropping – now the highest growth area of insider attack.
Having a proactive Technical Surveillance Counter Measures (TSCM) program in place, demonstrates a best practice approach which will reassure board members, clients and stakeholders. As well as locating and identifying hostile electronic surveillance devices, an effective TSCM program is designed to detect technical security hazards, physical security weaknesses or security policy and procedural inadequacies that would allow premises to be technically or physically penetrated.