The enemy within

Computerworld - On March 23, 2004, an employee at an Anaheim, Calif.-based insurance company was indicted on federal wiretapping charges for allegedly installing an electronic device onto a company computer to record every keystroke made on one keyboard. According to the indictment and a criminal complaint filed earlier in the case, the accused installed a device called a "key katcher" on a computer connected to the Internet that was used by a secretary to the vice president of the insurance company.
This is believed to be the first case in the nation in which a defendant was charged with illegally using keystroke-logger hardware. Such a device is attached to a computer keyboard cable to record every key pressed on the keyboard. Parents use these to monitor the computers accessed by their children, but in this groundbreaking case, the device was used to record keystrokes pressed by company employees.
The insider threat
It has been argued that the greatest vulnerability for an organization arises from security breaches perpetrated by insiders. Since fraud, theft and blackmail can be accomplished more easily by insiders, implementation of employee awareness programs and computer security policies is imperative. These threats can lead to the loss, corruption or unavailability of information, resulting in a disruption of service to the organization's clientele.
Restricting access to information that may be altered or misappropriated reduces this exposure. The institution may be held liable for any release of sensitive or confidential information pertaining to its customers; therefore, appropriate procedures to safeguard that information are warranted. In his Feb. 24, 2004, testimony before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security, Keith Lourdeau, deputy assistant director of the FBI's Cyber Division, stated that "Insider attacks originate from a variety of motivations (e.g., financial gain; personal grievances; revenge; recruitment; or coercion). It isn't necessarily the motivation that makes insiders dangerous, but the fact that they may have unfiltered access to sensitive computer systems that can place public safety at risk."
Following the tragic events of Sept. 11, 2001, security as a whole has been at an all-time high. Security personnel should know how to handle intruders, bomb threats and other disturbances. It remains imperative that the locations of critical IT assets aren't publicized and that the facilities where they are housed remain inconspicuous. A disgruntled employee may try to sabotage facilities, equipment and data files. Therefore, personnel policies should require the immediate removal from the premises of any employee reasonably considered a threat and the immediate revocation of that employee's computer and facility