ProCheckUp Labs

Welcome to ProCheckUp Labs, the blog from Procheckup

Minimizing the risk from internal attacks

on 23/01/2009 by Richard Brain

The recent case of a Wand Corporation help desk team member, who has pleaded guilty to sabotaging the Wand network, again highlights the threat of internal attacks. As the UK and the world are experiencing an extended recession, potentially with IT and other staff being made redundant, Human Resources (HR) procedures and security systems need to be in place to cope with the increased risk from internal attacks.

Human Resources are responsible for running background checks and vetting new staff members, with staff managers closely monitoring staff work quality and performance. Any staff members with high-level or administrative network privileges will require more in-depth vetting procedures and more frequent reviews.

It is important to have a humane HR approach to redundancy, though procedures have to be in place for staff with high-level access to be escorted from the building if the circumstances demand it. Procedures also have to be in place between HR and IT management to communicate any changes in staff roles, to ensure that all appropriate permissions and access are revoked and known administrative passwords are altered. At the same time, procedures to deal with the ex-staff member's workstation (hard disk contents) and e-mail (backup and handover to other staff members) need to be followed.

The security systems need to be in place to rapidly revoke staff members' network access and to painlessly change administrative passwords globally, allowing HR procedures to be actioned. The systems also need to be able to alert on suspect admin access and to correctly log all administrative access, providing an audit trail that can be followed when trying to determine the extent of any damage.