
Defying the rogue employee

by: Philip Lieberman
  • 18/02/2013
While small firms are increasingly mindful of the risks fraud can pose, rogue employees are still out there. Philip Lieberman of Lieberman Software explains how to protect your business.

If the news is to be believed, it seems that no organisation is safe from the curse of the rogue insider. All too often we hear about companies falling victim to fraud or data breaches from inside their own walls – and questions are asked about how it happened, and how to stop it happening again.

How can you be sure that your security measures protect your systems from harm? Here is a short quiz to find out.

1) Is it possible for a member of the IT team to get into anything they want?

If you answered yes, then you could have a rogue employee working within your IT team. If IT uses an ‘admin’ account that is shared amongst the team, then your information and systems are not only at risk, but you also have no way of telling who is to blame if something does go wrong.

2) Do you have a spreadsheet that has every password on it just in case someone forgets theirs?

If so, then a rogue employee could also know every password. Think for a second, do you know who can, or has, accessed it? Would you even know?

3) Can former employees still use their credentials to get into your company?

If you don’t automatically decommission a former employee’s account, and change the credentials for any shared systems, then that person can still wander virtually unchallenged within the organisation.

4) Are all your machines set to the same password?

If the answer is yes, then a rogue employee could access any machine. And once someone has used that shared password to get in, would you be able to determine who is hiding behind the nameless ID?

5) How many people in your organisation have access to information that they don’t need to perform their roles?

If any do, then a rogue employee could be selling your secrets. Even if you answered none, are you 100% sure? Has anyone changed roles recently within your organisation, and has their access been changed accordingly?

6) Do you have people working on the helpdesk who are on a relatively low income?

Help desk employees may have the ability to reset passwords and access systems without restriction, giving them full and unaudited access to departmental computers.

Because that access is via generic or impersonated accounts, there is no audit trail, and a potentially anonymous offshore or local minimum-wage worker has unlimited access.

7) Are you monitoring what employees are doing with the access that they do legitimately have?

If you are then you might detect a rogue employee, but could you stop them? Just because someone has legitimate reason to access the customer database, or the research and development material, doesn’t mean they won’t do something they shouldn’t.

How to spot the rogue

Organisations have built solid businesses on doing just that: conducting stringent testing and behavioural analysis of a person’s psyche to determine the risk they pose to your security.

However, the question isn’t necessarily how to spot the rogue, but how to make sure any damage is limited.

Getting a handle on the permissions within your organisation is one piece of the puzzle, as is control over your privileged accounts.

Making sure people have only enough access to get the job done closes most exploitable avenues. The next element is close monitoring and auditing for what people are doing with the permissions they have.

Don’t allow a rogue employee to hide behind anonymity – attribution will make him identifiable, and time-limited access will stop him in his tracks.
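To show what that closing advice looks like in practice, here is an added illustration (not from the article and not Lieberman Software's product): a small Python broker for a shared ‘admin’ account in which every use is checked out in a named person's own name, limited to the systems their role covers, expires after a fixed window, and is recorded for attribution. Former employees lose access as soon as they are offboarded. All names and systems in the scenario are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Broker:
    entitlements: dict                          # person -> set of systems their role covers
    active: set = field(default_factory=set)    # current employees; offboarded people are removed
    lease_minutes: int = 30                     # time-limited access
    leases: dict = field(default_factory=dict)  # lease id -> (person, system, expiry)
    audit: list = field(default_factory=list)   # attribution trail: (when, who, system, outcome)
    def checkout(self, person, system, now):
        # Issue a lease in the requester's own name, or refuse and record why.
        if person not in self.active:
            self.audit.append((now, person, system, "denied: not an active employee"))
            return None
        if system not in self.entitlements.get(person, set()):
            self.audit.append((now, person, system, "denied: not entitled"))
            return None
        lease_id = f"{person}:{system}:{now.isoformat()}"
        self.leases[lease_id] = (person, system, now + timedelta(minutes=self.lease_minutes))
        self.audit.append((now, person, system, "checked out"))
        return lease_id
    def may_use(self, lease_id, now):
        # Every use is re-checked against expiry and current employment, then logged.
        if lease_id not in self.leases:
            return False
        person, system, expiry = self.leases[lease_id]
        ok = person in self.active and now < expiry
        self.audit.append((now, person, system, "used" if ok else "refused: expired or revoked"))
        return ok
    def offboard(self, person, now):
        # Decommissioning: outstanding leases die with the person's active status.
        self.active.discard(person)
        self.audit.append((now, person, "*", "account decommissioned"))
    def who_used(self, system):
        # Attribution: the named people behind each use of the shared account on a system.
        return sorted({who for _, who, sys_, what in self.audit if sys_ == system and what == "used"})

def demo():
    # Constructed scenario; names and systems are made up.
    t0 = datetime(2013, 2, 18, 9, 0)
    b = Broker({"alice": {"payroll-db"}, "bob": {"web-01"}}, active={"alice", "bob"})
    alice_lease = b.checkout("alice", "payroll-db", t0)
    bob_lease = b.checkout("bob", "web-01", t0)
    wrong_system = b.checkout("bob", "payroll-db", t0 + timedelta(minutes=5))  # None: not his job
    in_window = b.may_use(alice_lease, t0 + timedelta(minutes=10))             # True
    b.offboard("bob", t0 + timedelta(minutes=12))
    revoked = b.may_use(bob_lease, t0 + timedelta(minutes=15))                 # False: former employee
    expired = b.may_use(alice_lease, t0 + timedelta(minutes=31))               # False: lease expired
    return in_window, expired, wrong_system, revoked, b.who_used("payroll-db")
```

Rotating the real password when a lease ends is left out here; the point is that the audit trail names a person for every use rather than a shared ‘admin’ identity.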
