Insiders Are the Biggest Security Threat

1 2 Page 2
Page 2 of 2

Until recently, the New York City-based clothing designer Josephine Chaus was no exception. When Ed Eskew became vice president of IT about three years ago, there was no formal system in place for shutting down accounts of employees who resign or are let go. Now, human resources and IT work together closely?a process that, unfortunately, had to be used when the company recently had layoffs. "The moment a person is called from their desk into HR for termination, our IT people will go to their desk and remove the CPU" and change the password for their voice mail, Eskew says. People who leave the company voluntarily may get an interim password with limited access during their notice period.

Sound extreme? Perhaps, but Eskew says there’s no way to tell how someone will react to being fired. "You like to think that people will behave themselves professionally, but from a security perspective, how do you know? How do you explain that you didn’t protect against that?"

But that’s not always enough, as Lance learned when "Dr. Crime" ended up behind bars. Now, says IT chief Gragnani, "when someone leaves our IT department under suspect circumstances, we will go back and review the program changes that person has implemented recently."

It’s another prudent move for IT executives faced with securing their company’s assets. But it’s not like they have to spend all day, every day treating their colleagues as suspects.

Nasdaq’s Bickner uses 80 percent of his time getting people to do the right thing and only 20 percent making sure no one does the wrong thing. "Most of the people will do the right thing most of the time," he says. "We’re counting on people to make the right decisions and training them to do that. And the more you succeed on average, the less you begin to see any errant behavior."

Copyright © 2002 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
6 digital transformation success stories