Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.

LINK TO:, home page.
The network security practice of Bennett Gold LLP, Chartered Accountants.

Security News Headlines:


GO BACK to Previous Page.

Posted on June 16, 2001

      Why is it that, when four out of five IT-related crimes are committed from within an organization, most companies still believe that the only threat comes from faceless hackers and virus writers? External threats should be taken seriously, and protection put in place, but nobody knows your security loopholes better than your employees.

      Despite their common occurrence, internal security breaches go largely unreported. What company wants to publicize that sensitive information has been accessed from within? Employees understand in detail how their organization's systems work. If someone has access to passwords they also have access to confidential information.

      An expert can also exploit software loopholes or weaknesses to introduce viruses or gain access, or use hacking tools designed for Denial of Service, intrusion or password cracking to cause mayhem. Employees can unwittingly open a company's innermost secrets through sheer carelessness, and the most damaging viruses have spread because people open email attachments.

      Another problem is remote workers turning off security protection on laptops. Intrusion detection, antivirus software, firewalls, network scanning, encryption and triple A can be employed to provide an effective and co-ordinated set of defences. It is important to create security zones with varying access rights.

      Passwords and policies need to be changed regularly, and for really sensitive information it is worth considering physical measures such as restricted areas, card keys and biometrics. However, companies need to ensure that the security measures taken are appropriate -- don't spend vast amounts of money protecting worthless data.

      Even the most comprehensive security system is a waste of money without a clear security policy and culture. Attitudes to employee email and Internet abuse are often lax and this can lead to internal security breaches. Staff must be vigilant and aware of potential dangers.

      Internal breaches, whether malicious or careless, should be dealt with according to a disciplinary code laid out in an employee's contract. Security must be top of the agenda when mapping out company policy.