Jason Ashley warns that internal computer security is being compromised
The rise in data security breaches and trade secret piracy over the past year is a wake-up call for executives - network security is not enough for global insurance corporations.
Incredibly, one in 400 messages leaving a company contains confidential data and one in 50 files on open share (a folder where anyone on the network can add, delete or change files, without needing a username and password) is exposed.
I believe that the threat poised internally is just as great as at the perimeter.
Over the last few years we have seen an increasing number of internal network threats in the industry. These range from specific 'spear phishing' attacks, disgruntled employees or mismanagement in a 'get the job done' approach, right down to intellectual property going out on a device attached to the network.
'Spear phishing' attacks are particularly prevalent within the industry. Spear phishers send emails that appear genuine to employees or members within the company, organisation or group.
The message might look like it comes from your employer or from a colleague. It might appear to originate from a senior figure, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.
The truth is that the email sender information has been faked. Whereas traditional phishing scams are designed to steal information from individuals, 'spear phishing' scams work to gain access to the company's entire computer system.
Any employee that responds with a user name or password, or clicks links or opens attachments in a 'spear phishing' e-mail, pop-up window or website, risks becoming a victim of identity theft, which puts him or her and the company at risk.
Internal staff still believe that the use of the corporate network and company data is theirs to use indiscriminately.
Of course, organisations need to allow employees the flexibility to enjoy their roles, but with access control monitoring and blocking of company data.
It's important to remember that this is the responsibility of the organisation itself. Not everybody has the company in his or her best interests. IT
' Jason Ashley is senior partner at BEW Global
