It is surprising to learn that most computer crime against companies is committed by current or former employees. They know the system best, are entrusted with huge amounts of data, and have the easiest access. Managers and executives need to be aware of potential internal threats to their systems and put special measures in place to safeguard systems and data. They also need to impress upon all employees how important security is throughout the system right down to the last person.
Password theft is the easiest way for hackers to gain access to a system. No, they don’t come into your office at night and look at the piece of paper in your desk drawer that has your password written on it. They generally use specially written software programs that can build various passwords to see if any of them will work. That’s why you should use odd combinations of letters and numbers not easily associated with your name to create your password. The longer the password, the harder it is to replicate. The same password should not be used for more than one access point. Using multiple passwords limits the damage done if a hacker does manage to obtain a single password.
Safeguarding individual passwords from malicious social engineering is the responsibility of everyone in the organization. An effective way of limiting access to data is to establish computer-generated logs that show every employee who logged on, what they did, what part of the system they accessed, and whether any data were used or updated. Logs are easily created by system software programs and should be periodically reviewed by the information technology staff and department managers. If nothing else, the logs give them an idea of what their employees are doing.
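As an added illustration (not part of the original text), the sketch below shows what a periodic log review could look like in Python: it summarises who logged on, which parts of the system they accessed, and whether data were read or updated, and it lists accesses outside an employee's assigned area. The log format, the user names and the ASSIGNED_AREAS mapping are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (not real data): time, employee, action, area, record
SAMPLE_LOG = """\
2024-03-04T08:58:12,asmith,LOGIN,,
2024-03-04T09:02:40,asmith,READ,payroll,emp-1001
2024-03-04T09:05:03,asmith,UPDATE,payroll,emp-1001
2024-03-04T09:11:27,bjones,LOGIN,,
2024-03-04T09:12:02,bjones,READ,sales,order-77
2024-03-04T09:15:44,bjones,READ,payroll,emp-1001
2024-03-04T09:16:10,bjones,UPDATE,payroll,emp-1001
"""

# Hypothetical mapping of each employee to the system areas their job requires.
ASSIGNED_AREAS = {"asmith": {"payroll"}, "bjones": {"sales"}}


def review(log_text, assigned):
    """Summarise logins, areas touched, and reads/updates per employee.

    Returns (summary, flags); flags lists accesses outside assigned areas.
    """
    summary = defaultdict(
        lambda: {"logins": 0, "areas": set(), "reads": 0, "updates": 0})
    flags = []
    for ts, user, action, area, record in csv.reader(io.StringIO(log_text)):
        entry = summary[user]
        if action == "LOGIN":
            entry["logins"] += 1
            continue
        entry["areas"].add(area)
        if action == "READ":
            entry["reads"] += 1
        elif action == "UPDATE":
            entry["updates"] += 1
        # Any data access outside the employee's assigned areas goes to a reviewer.
        if area not in assigned.get(user, set()):
            flags.append((ts, user, action, area, record))
    return dict(summary), flags


if __name__ == "__main__":
    summary, flags = review(SAMPLE_LOG, ASSIGNED_AREAS)
    for user, s in sorted(summary.items()):
        print(f"{user}: logins={s['logins']} areas={sorted(s['areas'])} "
              f"reads={s['reads']} updates={s['updates']}")
    for ts, user, action, area, record in flags:
        print(f"REVIEW {ts} {user} {action} {area}/{record}")
```

A flagged line is a prompt for a manager to ask why the access happened, not proof of wrongdoing.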