Comments
SMBs Ignoring Insider Threats
Threaded  |  Newest First  |  Oldest First
jagibbons
100%
0%
jagibbons,
User Rank: Ninja
6/23/2014 | 9:33:12 AM
fewer resources and more hats
In a smaller business, key employees often wear multiple hats. Any single individual is likely to have more access and more information than in a larger organization where roles are more likely to be segmented and insulated. Additionally, SMBs may have the same level of resources (human or dollar) to throw at security. The worst case is when that network/security lead in IT decides to leave. If that's a difficult separation, it can be very difficult and very expensive to secure the business. Been there, and don't ever want to be there again.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
6/25/2014 | 7:30:19 AM
Re: fewer resources and more hats
@jagibbons, I think you're dead on. This isn't a new issue, I've been seeing it for a couple decades in small businesses and I see it stem from the same handful of places. First is the cost to fully secure anything. A small business will chose to do things like fix a delivery van over spend the money needed to properly secure their network.  Secondly many employees wear multiple hats, I've seen functions in HR, IT and Accounting being performed by the same person, if you want to make it easy for someone to embezzle from you those would be the three roles combined that would make it almost impossible to catch them.  Lastly is that small businesses tend to form closer relationships that can be good and bad.  A good employee will be very loyal and will break their back trying to move the company forward but when things go bad they take it very personally and are more apt to do something in retribution.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
6/25/2014 | 9:37:17 AM
Re: fewer resources and more hats
Not only is it a very real problem, but it is a difficult problem to fix without alienating or arousing suspicion in that one staffer with the "key to the kingdom."
glenbren
50%
50%
glenbren,
User Rank: Moderator
6/29/2014 | 11:26:04 AM
Re: fewer resources and more hats
So what is a small company to do when they don't have the resources available to both fix the delivery van and secure the network? There's probably always going to be something with a more immediate priority, until it's too late.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
6/30/2014 | 7:26:38 AM
Re: fewer resources and more hats
Sadly what I tend to see happening is that the intangibles are left undone until they cause a bigger problem.  Either data is lost, systems crash or someone embarrasses the company by pointing out the gaping hole in their security.  Then the issue is addressed.  Some IT issues are tough for small business owners to wrap their heads around so they ignore them rather than be confused trying to figure them out.  I stopped doing side jobs for small businesses because I got tired of trying to head off problems for these businesses and having them decide not to follow my advice.  Then later on I would be cleaning up a mess that could have been avoided.  Yes it was a way to guarantee income but the frustration wasn't worth it anymore.
D.M. Romano
50%
50%
D.M. Romano,
User Rank: Moderator
6/23/2014 | 10:01:13 AM
Gaining trust
Interesting report. Seems as though even in smaller businesses where one would think the level of trust would be higher doesn't necessarily predicate this notion. Very hard to gain a real sense of trust amongst those you go in business with...
chrisbunn
50%
50%
chrisbunn,
User Rank: Apprentice
6/24/2014 | 6:09:02 AM
Simple Steps
Insider Threats for SMBs doesn't have to be a total unknown. A range of simple practical measures can help any sized organization mitigate the risks - from restricting employees sharing passwords, restricting network access when employees leave, tailored user awareness training and manager's setting the example. How organizations can move from paranoia to protection is covered in our latest blog post here: http://www.isdecisions.com/blog/it-security/insider-threat-program-from-paranoia-to-protetion/


Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.