Page 27 - Security Threats new3
P. 27
Another example of this could be an employee simply accidentally deleting data
from a folder or spilling a drink on a device.
Some of these accidents can be a result of the limited time invested into properly
training and monitoring staff. Educating staff on how to keep their devices secure
and acceptable use of the businesses IT systems, will prevent a wide range of
threats.
Furthermore, by monitoring, such as with keyloggers, access logs and remote
monitoring software, we can ensure poor practices are not being followed and can
identify where the damage occurred.
Summary of internal employees
• Employees can physically steal or damage computer equipment without
appropriate security measures.
• Sometimes the threat of damage to computer equipment can be from natural
disasters, such as fire and flooding, or from threats that cannot be fully
prevented such as power loss or terrorism.
• Employees or visitors may be able to get access to sensitive data without an
appropriate user privilege system in place.
• Even with a user privilege system, if an employee gains access to
administrative privileges they can cause harm, such as removing security
software and changing access rights to other users.
• Without physical security for network servers and storage, employees can
walk in and damage or steal equipment without consequence.
• Without or with weak antivirus software, any ordinary user could
accidentally access an untrustworthy website and download malware that
could spread throughout a network.
• Employees could quite simply forget something on a train, potentially
permanently losing data or having it revealed online.
• Without proper staff training or monitoring, employees can access sites with
malicious content on that could infect the network.
