
Security up to scratch?

by Mark Rowe

Ensuring your company’s security is something which requires constant care and attention. Hackers are discovering new exploits at an astonishing rate and routinely testing the boundaries of what we thought was possible. However, although this is certainly a terrifying prospect, it can be easy to forget the little things – and that the greatest threat to your company could be sitting next to you.

In 2016, IBM published its Cyber Security Intelligence Index report and discovered that 60pc of all breaches were carried out by inside elements. Although it was determined that around 75pc of these attacks were carried out maliciously, the rest were the result of accidents. Therefore, although the prospect of hackers targeting your website is certainly a terrifying one, the greatest threat to cybersecurity is not external elements – but the very people you work alongside.

Preventing a cybersecurity breach is always better than the alternative – dealing with the aftermath. If the greatest threats to cybersecurity are employees, then your focus should be on ensuring your internal security is up to the task. For example, it is worth ensuring that:

Your policies are ‘human error’ proof

Not every employee is a security breach waiting to happen. Yet, it is worth understanding that well-meaning individuals can cause incidents completely by accident.
For example, strict deadlines may urge someone to take their tasks with them and work from home. Consequently, they might connect to an unsecured home network, which opens them up to malicious individuals. Human error does not only apply to the above scenario. It is also a factor in areas such as:

• Using public Wi-Fi. Although the security of these networks is questionable, employees must also be aware of their surroundings when using them. Public Wi-Fi implies a public area – meaning staff should be aware of who can see their screens.
• Password security. As well as ensuring passwords are complex, employees should never save their details when using browsers.
• Keeping devices safe. When using business assets, employees must ensure these devices are kept secure at all times. A crafty thief can make off with a laptop in a matter of seconds.

Passwords are managed well

One of the greatest threats to security is arguably poor password control. Despite repeated warnings, some staff members don’t take this seriously or make access rights secure enough. As a result, managing these from a central location could be a beneficial move. For example, ensuring all employees are registered on software such as 1Password could mean that individuals only need to remember one single code. Furthermore, when creating reports, locking these down could prevent sensitive data from falling into the wrong hands. Programmes such as Power BI allow restrictions on who can see what and are much more secure than many file sharing measures.

Ex-employees are locked out

It’s reasonable to assume that when an employee leaves an organisation, he or she will be locked out of any corporate accounts. However, research has shown this is not always the case. When OneLogin surveyed 500 IT decision makers based in the US, they identified the following:

• Almost half of respondents knew ex-employees who still had access to corporate applications.
• 44pc of respondents weren’t confident ex-employees had been removed from corporate networks.
• 25pc of respondents took more than a week to deactivate an employee’s access after that person had left the firm.

These stats make worrying reading if we consider – according to a PWC survey – that 28pc of cybersecurity attacks in 2015 were carried out by former employees.
Therefore, when someone leaves the company – either involuntarily or of their own free will – their access rights must be terminated as soon as possible.

The key targets are identified

When creating a cybersecurity strategy, it’s worth putting yourself in the shoes of those trying to instigate the attack by asking what assets are most valuable. For a group of hackers, credit card information is usually gold dust but personal information can be important as well. Once identified, this list of key assets must be protected and monitored above all other systems.

The external threats aren’t forgotten

In this article, we have talked about internal threats facing corporations. However, it is important to remember that hackers are still out there – but will often pretend to be someone else to gain access to data. For example, one scam in 2016 involved fraudsters pretending to be CEOs and asking employees to send details regarding other colleagues. Reportedly, this type of phishing scam has cost companies more than $2 billion around the world. Therefore, although individuals can have the best of intentions, employees must be educated as to these threats. Gone are the days of Nigerian princes seeking funds; hackers are now becoming increasingly sophisticated in their approaches. Consequently, it is vital to know who everyone is in an organisation. Furthermore, policies should be implemented which state that no transfer of personal information should be conducted via email.

Remember the main threat

Although hacking methods are developing at an alarming rate, it is important not to lose sight of internal threats. Employees, whether accidentally or maliciously, are responsible for the majority of breaches. Furthermore, even if your organisation is hacked, those individuals likely used a staff member to succeed.

This article was written by Tom Chapman. He is an SEO Specialist who wrote this piece on behalf of Wise Owl Training.


© 2024 Professional Security Magazine. All rights reserved.