When it comes to security most of the time we always think about keeping an unauthorized user out of the system.  We never really think about the internal threats to networks.  These threats consist of employees writing their passwords on their desk calendar or putting it on a sticky not and placing it under their keyboard.  They also consist of an employee or employees banding together to steal money, customer data, products, etc.  We also never think about employees bring in infected media and running it on company computers or the IT department cutting corners in security.  All these things can be damaging to a companies’ system.  I found this article titled “Security is not just external- Don’t Forget the “Other” Security”.  This article talks about a few security incidents that took place internally and not externally.  Most of the incidents noted in this article can be contributed to lack of awareness, bad judgment, and stupidity.  I must say that I agree with his article.  Most external hackers are usually after money.  What’s the different between them stealing data to commit fraud or to sell on the black market for money and an employee or employees banding together to steal thousands to millions of dollars from business. Employees steal from companies by taking products, customer records and company secrets to sell on the streets.  They also take from companies when they introduce infected e-mails or files to the organizations network.  Depending upon how bad the situation is, the company can lose money in downtime while the situation is being contained and cleaned-up.  I considered this to be bad judgment especially if your company has information awareness training and you choose to ignore it.  The article can be found at: http://www.securityweek.com/security-not-just-external-dont-forget-other-security