Article written by:
Mallory Mohler
Senior Analyst
Hacking is all the rage these days. It seems like every morning when you turn on the news there is a new hacking headline. We have all seen the headlines – Russia Hacked the U.S. Election, WikiLeaks Hacked the CIA, China Hacking the U.S. – the list goes on. The news seems to have companies scrambling to figure out how to manage its cyber risk. In fact, the American Bar Association Journal’s feature story for the month is “Managing Cyber Risk.”
While managing external cyber risk is important, it is also important to look at your internal controls related to managing risk as well. Most companies have a difficult time believing a trusted employee could betray them and as a result, some times overlook important internal controls related to technology (unfortunately many times it takes an incident to bring this to their attention). Below is a sample of some steps to keep in mind related to managing your internal risks:
- Ensure all employees who have computer access have a unique user name and requires frequent password changes
- Lock down applications so employees only have access to applications necessary to complete their job duties and nothing extraneous
- Ensure that a user’s access is terminated concurrent with that employee’s termination
- Use software that creates an audit trail and review those audit trails for abnormalities
- Run exception reports to flag unusual activity
