When it comes to security most of the time we always think about keeping an unauthorized user out of the system.  We never really think about the internal threats to networks.  These threats consist of employees writing their passwords on their desk calendar or putting it on a sticky not and placing it under their keyboard.  They also consist of an employee or employees banding together to steal money, customer data, products, etc.  We also never think about employees bring in infected media and running it on company computers or the IT department cutting corners in security.  All these things can be damaging to a companies’ system.  I found this article titled “Security is not just external- Don’t Forget the “Other” Security”.  This article talks about a few security incidents that took place internally and not externally.  Most of the incidents noted in this article can be contributed to lack of awareness, bad judgment, and stupidity.  I must say that I agree with his article.  Most external hackers are usually after money.  What’s the different between them stealing data to commit fraud or to sell on the black market for money and an employee or employees banding together to steal thousands to millions of dollars from business. Employees steal from companies by taking products, customer records and company secrets to sell on the streets.  They also take from companies when they introduce infected e-mails or files to the organizations network.  Depending upon how bad the situation is, the company can lose money in downtime while the situation is being contained and cleaned-up.  I considered this to be bad judgment especially if your company has information awareness training and you choose to ignore it.  The article can be found at: http://www.securityweek.com/security-not-just-external-dont-forget-other-security

Miami Hospital Suffers Second Breach within a Year

The University of Miami Hospital suffered another patient breach this year where two of its employees are suspected of stealing patient data from the hospital.  The information stolen during the breach includes names, last four of socials, date of birth, addresses, insurance policy numbers, and medical history of each patient.  At this point they don’t know how many patients were affected by the breach. The hospital is also offering two free years of credit monitoring for all those who may have been affected.   This Miami hospital may want to consider employee screening before hiring and revamp their security policy.  Most of the times when we think about breaches you assume that someone from the outside has hacked into a system and caused harm.  We never think about a breach taken place from inside the company by employees who are authorized to view and handle your information.  It’s kind of scary when you think of all the places that have your information and all the different people that have access to it.  This article can be found at:  http://www.scmagazine.com/miami-hospital-hit-by-second-patient-breach-this-year/article/258895/

Gamecock Data Breach

University of South Carolina suffered a breach on June 6th that may have compromised about 34,000 students and staff personal information to include their socials.  The school is unsure when the breach took and place however they suspect that the breach originated overseas.  The article can be found at
http://threatpost.com/en_us/blogs/gamecock-data-breach-affects-34000-082212