A number of stories came to my attention over the past week or so that highlighted something that often gets overlooked, or indeed underestimated, by many of us charged with protecting the organisation’s networks and information. The following stories all have a similar thread

Port of Tampa Employees Victimized by ID Thief

Social Security Administration Worker Charged In Identity Theft Scheme

Officer Jailed for Leaking Police Records to Violent Criminal

Porn Swap Linked to Aegis Info Leak

Pioneer Press Claimes Ex-Publisher Gave Info To Rival

Each of the above stories outlines how sensitive data was leaked out of different organisations around the world. If you look at each one you will see that no complicated technical attacks were used, 0 day exploits were not a factor and indeed the much feared hacker was not involved.

Instead the common thread throughout these stories is that the insider who leaks information either deliberately or accidentaly still poses a significant threat to all organisations.

If you are charged with protecting your organisation’s security assets you should remember to look inside your perimeter defenses and see what risks your organisation may face based on the type of business you conduct. You should also consider the following;

1. Ensure need to know policies are in place for sensitive information.
2. Have accurate auditing and logging in place.
3. Review your auditing logs regularly.
4. Review your system logs regularly to identify unusual activity such as users logging in at unusual times or attempting to access systems they are not authorised to.
5. Regularly review the access rights different users have and ensure they are appropriate for their job roles.
6. Have filtering rules on your firewalls and Internet and email traffic filtering solutions to detect data leaving your organisation that shouldn’t.
7. Control access to portable devices connecting to your computers such as USB Thumb drives, IPODs and digital cameras.
8. Control access to personal email accounts such as hotmail, yahoo etc.
9. Have an effective security awareness program in place.