By Mary Beth Foster, TPF’s Director of IT
Insider threats are a plague to companies throughout the world, and unfortunately, churches and non-profits face these same threats. What exactly are insider threats, and how can they affect you?
According to Wikipedia, an insider threat is “a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data and computer systems.” In general, the most common types of insider attacks include fraud, the monetization of sensitive data, sabotage, intellectual property theft, and espionage. However, more often than not with churches and non-profits, the threats are not so nefarious, but are the result of a negligent or an over-casual approach to security controls. Because churches and non-profits are altruistic organizations, the overarching mentality when it comes to managing employees is one of inclusion and trust. Often, users are given more access than they need with not enough restrictions when it comes to key business applications.
So, what creates the vulnerabilities that allow for insider threats? While the contributing factors always vary, there are three main situations you need to be aware of and make every effort to actively manage in order to prevent insider threats:
It is the responsibility of each organization to protect the personal information of your congregations and supporters from these attacks. To do this successfully, it is imperative that you carefully monitor your data, business applications, wireless access security, servers, desktops, laptops, mobile devices, and your users!