Fear of insider threats hits home

iT security technology soaks up a lot of the security budget, but companies are starting to see that the insider threat posed by employees is just as important

"We've been putting cameras on all entrances and exits, looking at using badge numbers for tracking purposes, and keeping a closer eye on what people are doing and where they are going," said Adam Le, director of IT infrastructure at Alliance Imaging, a healthcare testing specialist. "We're also contemplating things like fingerprint scanners and other biometrics and looking at encrypting all data at rest on laptops."

Companies walk a fine line in balancing the need to watch over their workers for security purposes and becoming too intrusive, the expert admitted. However, Le said that with businesses like Alliance facing mounting pressure from regulators to lock down every piece of patient data they record, employees must understand that the process is about protecting the firm and not about assessing personal work habits.

In another effort to deal with the insider threat, Alliance, which provides outsourced medical imaging capabilities to hospitals and other healthcare organizations, has added new user authentication and monitoring tools made by ConSentry to its IT environment.

By increasing security for remote workers and giving the firm a more detailed roadmap of file access activities carried out by its employees and customers, Le said he believes Alliance is finally getting ahead of the insider problem and arming itself with a way to keep everyone honest.

One of the most significant issues the company has dealt with in the past are efforts by insiders to view the records of famous or high-profile patients, activities that are directly at odds with the US Health Insurance Portability and Accountability Act medical data protection regulation.

In some cases, the incidents have been the result of mere nosiness, while in others, the firm suspects that workers may have been looking to share sensitive data with outsiders for a profit.

After conducting both technological and physical penetration tests on its operations, Le said that Alliance feels it is making the right moves to address the issue after augmenting its operations as such.

"With the threat of data theft for identity fraud or to get information on our high-profile customers, we had to work to get a better picture of who was accessing what files," said Le. "Since putting the tools in place, we've been able to track people down when they do something wrong, and I think that type of response travels among workers by word of mouth; overall those types of issue have almost disappeared now that people know that their activities will be monitored."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ACTArcSightConSentryDLPFinancial InstitutionsLeaderSecurity SystemsVIAWebex

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matt Hines

Latest Videos

More videos

Blog Posts