Reuters, via The Guardian and other publications, is reporting that the current recession means that security risks will increase, for more reasons than one. The obvious reason is the fact that companies will stop or delay new purchases and upgrades of data security solutions like full disk encryption software, which in turn increases the odds of successful hacks by outsiders. However, it’s also pointed out that during recessionary times, a company needs to be extra vigilant about insiders as well. According to the article:
“If you are in an environment where you are laying people off or morale is low because of the threat of layoffs, then people’s moral compasses are going to waver,” said Forrester Research analyst Jonathan Penn. “There will be more people walking away with data that they shouldn’t be walking away with,” he added.
Makes sense, actually. I mean, even if it’s not a recession, thefts tend to increase in the workplace if people are fired or if there is a noticeable, inequitable difference in salaries (e.g., C-levels get millions in options and bonuses, but you don’t -- causing low morale and increased symptoms of getting-my-dues-itis… via the theft of Post-It notes and other assorted office supplies and equipment!). I can only imagine that being fired in a recession means there’s that extra incentive (read: money) to cause trouble.
Except, in a recession, you’re really gonna need the money, so, instead of sticky notes, how about a client list with their bank account information? Just pop a USB memory stick into the computer and start copying away. Of course, not all moral compasses will waver. But some will, and the question becomes “whose?”
Unfortunately, a game of “guess who” could turn everyone into losers. For example, say you’re with management, and there’s this one employee that you always thought was shifty. You kind of “increase” security around him. You’re suddenly a little bit stricter, a little less flexible, a little less forgiving of mistakes. A change in behavior--from you, the guards, whatever--is going to be noticed by staff, but the staff also happens to know this shifty guy is actually something of a saint. Oops. Instant lower morale, the beginnings of an “us vs. them” mentality, perhaps a lawsuit for harassment… all this when the organization can least afford the drama.
As the article above pointed out, the best thing to do, despite the lack of resources, is perhaps to start or increase the use of data security products like hard disk encryption or file encryption; USB port control; and software application controls (Plug: AlertBoot offers all three for one price). But along with the investment in such products, you’d be advised to start monitoring and auditing data transfers and the like.
Just make sure you yourself are going over the audit reports as well…