Security: The Insider Job


It is an interesting thing, security. You know security use to mean you have yourself a firewall and anti-virus software and you are fine and dandy. This might have worked a decade ago when tons of sensitive data such as personal records, credit cards and the like was not up for grabs.

Even with the need for greater security many businesses (SMBs and enterprises) still have the same mentality. For the past oh I don’t know off hand, three, five years I suppose, there have been many studies, many reports and all talk about the threat of the inside problem.

The insider doesn’t have to be someone who is disgruntled and wishes to do the company harm. That what I would like to talk about specifically in fact. The Insider job in small business.

We hear a lot about the IT manager who changes passwords such as what happened in San Francisco. To the possible problems of workers getting laid off and in a moment of anger sending confidential email and possible “company secrets.” But again a lot of problems do not come from those who wish harm, but from carelessness. A three digit password instead of something more robust, leaving passwords out, borrowing a company laptop and leaving it somewhere, using unsecured flash drives, etc.

In small businesses especially, management may not want to have a security policy. When there are few employees implementing a security policy might seem like the company views employees with suspicion. And that fear of ruining the team dynamic with more rules and regulations.

But the fact of the matter is security policies protect the employees, management, and the customers. The show that due diligence has been maintained by the staff of a company if a security breach occurs and can lower the amount of money a company or employees gets fined in a court of law. It is free to make and only requires a little bit of time to maintain. A few areas that should be looked at are the disposal of old hard drives, the use of flash drives, phishing emails and how to handle them, tracking of portable devices on the network, password creation, password storage, and backup and recovery policies.

The other thing you need to do is have that policy maintained and used. Every employee should know what areas are relevant to them and if changes occur the policy should be updated to reflect those changes. A policy that is not maintained is just as bad as a policy know one uses, which is just as bad as not having one in the first place.

Whether the company is big or small, a security policy that is written, utilized, and maintained goes a long way to helping with internal threats, and can reduce headaches for everyone in the company.

Categories : Commentary

Comments are closed.

About Us

WebHostBlog comes from the creators and former staff of WebHostMagazine.com. WebHostBlog has been a source for Web hosting information and marketing tips since 2003. Along with news and information on the Web hosting industry WebHostBlog.com has covered topics such as business strategy and marketing and continues to be a quality resource for host related subjects. Read More

Contact Us

We work long hours, however we are always interested in hearing what you have to say. So if you have any ideas, comments, questions, death threats, or have a business proposal let us know!

For information on getting a hold of us, you can find our contact information on our Contact Us page

Special Thanks

Our staff has been working with Web Hosts and Web Host finders and news and information sites for over 20 years now and on behalf of those who knew us at The Ultimate Web Host list, Web Host Directory, Web Host Magazine, Web Host Blog and other sites, we'd like to say thank you for helping to build this amazing industry. And we'd like to give a special thanks to many of you who have contributed to these pages, and to Web Host Magazine when we owned and ran it for 14 years. Thanks for your help and advice!
. . . . .