6 Overlooked Internal Security Threats
By Dr. Myles Vogel, University Dean of IT, Computer Science and Engineering
Data Privacy Day is held annually on Jan. 28 to raise awareness and empower people to protect their privacy and control their digital footprint. Colorado Technical University (CTU) is committed to promoting privacy awareness and has partnered with the National Cyber Security Alliance to help spread the word about this important issue. On this blog, CTU faculty share their insights and tips for keeping your digital identity safe.
As a former CIO to Fortune 500, high-tech startups and international firms, I had early concerns about data protection, but then quickly realized that “data protection” is a misnomer. It is much broader in scope than most realize.
For data to truly be an asset, there must be processes, procedures, systems and ownership that ensure the accuracy, integrity and timeliness of the data. If data does not have these attributes and capabilities, then why should we be concerned with protecting it? This reveals an obvious front-end requirement of the spectrum of data protection.
Data alone has no value. It’s simply content until someone transforms it into meaningful, insightful and usable information. But that’s only the beginning. The information lacks power and value as well, until it is turned into actionable knowledge and intelligence. That’s when you achieve competitive advantage.
Data (Asset) → Information (Power) → Knowledge (Competitive Advantage)
Conversations about data protection belong in the transition from data to knowledge, because the real issue is ensuring that your data is not used to take away your competitive edge but instead helps you reduce costs and increase revenue.
When organizations are too heavily focused on data protection, they adopt a “hard on the outside, crunchy on the inside” perspective toward external security threats. Attention is given to authentication, non-repudiation, identification, firewalls, encryption, passwords, VPN and a whole range of hardware, security systems and software.
Yet, little attention is given to internal security threats. It’s these inside vulnerabilities that have the ability to transform simple data into powerful knowledge that can become a threat to you or your organization. Consider these ways your internal resources, namely your employees, are putting your data at risk:
- An employee downloads key customer lists to a portable storage device attached to a key chain, and then walks out your doors.
- Critical information is printed, put in a file folder and shoved in a briefcase that leaves your office.
- A traveling employee uses unapproved devices to communicate sensitive, internal information over unsecure networks, such as public Wi-Fi and Bluetooth.
- Cloud-based file sharing opens the door for internal breaches.
- Social media connects online users but also becomes a portal for transmitting confidential information.
- Telecommuting employees create a range of potential security risks, especially if working from a home PC.
These internal security threats are much harder to solve and prevent. Yet, many organizations don’t fully comprehend the magnitude of potential risk at hand. It takes more than enforcing a few internal policies and procedures; it takes direct action to ensure your data, information and knowledge are safe and sound.
How do you handle internal threats?
Dr. Myles Vogel is the University Dean of Information Technology, Computer Science and Engineering at Colorado Technical University. As a former CIO, Dr. Myles Vogel brings over 25 years of experience in IT for domestic and international firms within the oil, tech and medical industries. Connect with Dr. Myles Vogel on Twitter @CTUTech.