Biggest IT threats
are often internal
DOUGLAS W. GROSFIELD
In protecting a business, it seems
instinctual that one would set the alarm
and lock the door when leaving. However, when it comes to valuable client
information, an alarm system is not
enough. Today, the greatest threat to a
company’s security is already on the
According to Deloitte’s annual security survey, the most significant risk to a
company is its people. Intentional or
accidental, because of human error or
someone capitalizing on it, many
organizations are closer to a breach in
network security than they know. This
is part of a growing phenomenon
known as social engineering, which is
the art of exploiting human error in
order to gain access to buildings, servers or data.
For professionals such as accountants
and lawyers, the consequences of such a
security breach can be devastating.
From sensitive financial documents, to social insurance numbers to
proprietary client information, all of
this can be stolen in an instant, putting
clients at risk and a company’s reputation on the line.
A walk past desks in an office may
reveal several security violations.
tion about the UNC (universal naming
convention) path, which can provide
server names, folder structure, etc.
n;Applications left open on computer:
It takes seconds for someone to get in
and access the same information that an
employee can access.
Regardless of whether the computer is
password protected, if it is not locked
down to the desk, it can be stolen easily
allowing the thief to attack at leisure
n;Wireless network open for others
to use: Having a security key for the
wireless network is not enough. It
can be cracked depending on the
level of encryption.
KOSTYANTIN PANKIN / DREAMSTIME.COM