No, I'm not a psychologist, but I can tell you people really are out to get you. What people? Why, your friends and colleagues--everyone you work with.

It's nothing personal. It's simply human nature. So if you're tasked with keeping your organization secure, a touch of paranoia is healthy.

The fact is, the worst threat to your organization's security comes from within. People are naturally curious, and if they know confidential information is stored on your network, some of them are going to try to access it. The question is, how easy do you make it for them to do so?

Take your network infrastructure, for instance. If you have a shared network fabric, using hubs in a star topology, do you realize that anyone with a software protocol analyzer can scan packets for an entire subnet? Those packets often contain unencrypted passwords and sensitive data. A switched network is less subject to that problem.

Do any of your users have modems on their desktop PCs? If they use modems to dial in to your network, they're opening a back door for themselves (and potentially for hackers) that your firewall will never see.

Do you take advantage of your e-mail server's encryption capabilities? Most organizations don't, because encrypting and decrypting every message can be a performance drain, but doing so can help keep confidential information private while in transit.

Do you keep your server room locked? It may be convenient to leave it available for people to pick up printouts and visit with operators, but anyone can sit down at a server console to which an administrator is logged in and view any information stored on it. You should keep your backup tapes under lock and key, too.

Do you look at your security logs? You probably log all kinds of security information automatically--that's something computers do very well. But do you check those logs for suspicious activity? If your logs are too full of data to make unusual events stand out, you need to reconfigure the kind of information you're trapping.