Your IT security threat is in the tent with you.

Most of the time, some people say 80%+, your IT security threat is in the tent with you (ie. someone who works for you) . Based on experiences at different workplaces, I’d have to agree.

First there was the ATM fraud, which I wrote about on Saturday. The bank took people to court over that. Unusual for banks, as they try to brush these things under the carpet. The brushing under the carpet is due to the embarrassment and all.

Then there was the fuel scam. A BMW Mini has a fuel tank capacity of 40 litres. Now perhaps in an alternative universe, there is a BMW Mini with a 70 litre fuel tank. Not in our universe. So when someone used their fuel card to fill the work Mini and it took 70.4 litres, we thought WTF?

Finally, there was the case of the accounts payable clerk thought no-one would notice the new Porsche 911 he drove into the car park one fine Tuesday morning. Yes, a $230,000 car paid for on a $50,000 salary, was noticed.

All these people were insiders and they had police criminal history checks.

Now when someone says to me, “we want all staff to give up their fingerprints for a police criminal history check”, my initial reply is “No.”

Followed by a prompt, “they’ll make little difference.”

After all, other organisations have had the same experience.

Further reading:
Police check security over Einfeld interview (24 Sept 2010)
Confidential Police files found in Melbourne drug raid 29 Sept 2010)