Network security:
If you’re not worried about it, you should be
Do you know that 70 to 80 percent of security compromises are caused by insiders?
Information technology (IT) security is essential, but IT security alone is insufficient. Why? Because computers and network systems do not steal identities; people do.
Contrary to common belief, most identities are not stolen by Dumpster divers; by robbers of mailboxes, autos and homes; or by purse and wallet snatchers. Most identity thefts are committed by employees and contract workers in entry-level jobs. Many times these hires are selected via outside staffing agencies that fail to use adequate screening. But such workers aren’t the only internal threats. Suppliers and vendors with access to pass codes, passwords or departmental and building key codes often are culprits. And upper management also can be guilty.
I’d like to share a story about Phil, a man close to retirement who was born and raised in a small town in mid-Missouri. Phil doesn’t own a desktop computer or a cell phone. Imagine his shock when he opened up a cell phone bill addressed to him asking him to pay more than $900. He has no idea where the company got his information. What he does know is that he now has to drive to St. Louis to prove his innocence.
It used to be that shrinkage (theft) was the biggest cost to employers after payroll and health insurance. Today, in the information age, what we have to think about is employees stealing information. Why would they steal merchandise when they can steal data and get money from it?
A St. Louis County car salesman recently was charged with aggravated identity theft. He is accused of using someone else’s personal information to get a credit card and then racking up thousands of dollars in purchases.
He allegedly used the person’s name, birth date and Social Security number and his own address and telephone number to apply for a credit card online. He told investigators he targeted people older than 70 “because they would die before anyone caught the fraud.”
Identity theft is the fastest-growing crime in the world, and until businesses institute proactive instead of reactive plans, the problems will continue to grow. Businesses need to implement penetration and vulnerability testing on their networks on a consistent and ongoing basis to help minimize the potential threat of intrusion. They need to increase their IT budgets, train employees and have strong policies regarding the appropriate use of technology in the work environment.
Dela Marshall is president of DM Technologies, www.dmtechsecure.com, and specializes in network security consulting. She can be reached at 874-3838 and at [email protected]