Employee threat for a company

Not only cyber criminals, but also the workers can harm a company - it is enough if they, deliberately or unknowingly, reveal classified information. How to solve this problem?

The danger can arise if the employee is sending business e-mails to a private address, is downloading illegal content or is using pirated software on company computers. An example is provided by Kaspersky Lab company. The employee was storing copies of office documents on private e-mail and the copies were later leaked to the Internet. After the experts have examined the case, it turned out that spy software was installed on the computer. It registered information provided by using keyboard, such as logging information for the e-mail account. Cyber criminals, who had this logging data, were able to steal the documents.

There are more situations like these. Kaspersky Lab gives the example of a worker, who brought his private laptop to work and connected it to the company network. On the computer there was BitTorrent program installed. Using it, the employee was downloading software (also pirated one) to use privately. Three months later, the police came to the company with a search warrant. The company had to pay a fine for the copyright infringement, caused by the usage of illegal software.

How to "protect oneself" from the employees?

The employer has a few ways of protecting oneself from situations described above. A conveyor, which can be used to reveal classified information of download illegal software is the company network. This is why you can limit employees' access to online information and block all the ports and protocols which are not used during the work. To limit employees' access to applications, the option "default deny" must be used. This means, that all the software used will have to be authorised by IT specialists. What is more, the employer should make sure of company documents' security and integrality. This can be achieved by using file encryption technology. That will make the criminal with access to encreypted documents unable to read them.

Besides using different technologies to identify and prevent the incidents, IT specialists should also remember to use administration tools – says Kirył Kruglow, Senior Research Developer and malware specialist at Kaspersky Lab. The users should now, what is allowed and what is forbidden by the security policy. They also should be aware of possible consequences of the abuse of the rules.

Add New Comment
Comments 1
lukkrzymin :
Ściągnął na " potrzeby własne" i na własny komputer, w takim razie dlaczego firma ma za to odpowiadać?
December 15, 2013 at 12:06 PM