Security Strategy

Top ten tips to stop internal hackers

They're behind you...

By Pia Heikkila

Published: 5 February 2002 12:45 GMT

Company insiders commit 70 per cent of all security breaches, but few IT bosses know how best to protect their employers' most valuable assets.

But now silicon.com readers can get top advice from UK security consultancy Orthus, which only last week warned our readers of the dangers helpdesk staff can pose (http://www.silicon.com/a50880).

Here are its top ten tips for protecting your data from rogue internal staff:

1. Identify potential targets such as personnel, client credit or corporate financial databases and vulnerable procurement system applications.

2. Implement architectural features to isolate, minimise and monitor internal user access abuses, such as packet sniffers to monitor internal traffic and a host-based and/or network-based intrusion detection system to identify internally-based attacks.

3. Establish strong, detailed user security policies and procedures and thoroughly explain them to your staff, along with user requirements and responsibilities.

4. Ensure all staff receive appropriate training in the correct use of and access to intellectual property and corporate information systems such as internet and email. Make sure they sign the applicable appropriate-use and non-disclosure agreements.

5. Define and communicate the threat to management.

6. Establish and maintain a high-profile security awareness programme.

7. Monitor and enforce established security policies and procedures.

8. Routinely audit the programme and fix the holes!

9. Institute a formal user registration and deregistration process to minimise the threat from former employees.

10. Prosecute offenders.
