The first step to preventing employee-generated security attacks is acceptance of the threat and an awareness of how these threats could play out within your organization. It can happen to anyone, anywhere, at any time. There’s absolutely no place for an “it won’t happen to us” mentality when it comes to cybersecurity.
"Despite all the attention and resources that cybersecurity is receiving from the media, executive management, and governments, organizations still fail to protect their most valuable assets from hackers because they focus too much on network security while ignoring the employee identity theft and access exploitation risk," says Henry Bagdasarian, the Founder of Identity Management Institute.
While some “inside” attacks stem from grudge-holding employees and fall under the malicious category, many others occur due to negligence, carelessness, or simple human error. Examples include:
- Human errors – inadvertently downloading sensitive data onto a personal device or sending a misaddressed letter.
- Carelessness – the loss of a company device or failing to log out of sensitive
- Negligence – misconfigured security settings or ignoring system warnings.
- Malicious – a soon-to-be-terminated employee uses his tech knowledge to compromise the system on his way out or, for personal gain, an employee gathers the personal information of customers.
Of course, human errors, carelessness, and negligence are all close cousins in the human family. Everyone messes up from time to time. It happens. But these slip-ups, whether they are more of the innocent or careless variety, can have a devastating impact when they result in a leak or loss of data.
Malicious intent is a predator of an entirely different breed. A disgruntled employee with access to data and systems can wreak security havoc in an unlimited number of ways. Revenge-seeking vendors and suppliers can also pose an “inside” threat.
Once management is on board with a realistic awareness, it’s imperative that the same level of awareness filter through the entire workforce. Insist on mandatory and frequent cybersecurity risk training for all employees that includes:
- A review of all security procedures.
- Ongoing instructions on how to avoid inadvertent data loss.
- Briefings on new risks, escalating threats, and recommended precautions.
- A reminder of the consequences of violating security policies, including termination and prosecution.
Make “Who has access to what data?” a regular part of the conversation for those in management. Strike a balance between too few folks in the know—a scenario that can impede service and forward momentum—and too many staffers with access to sensitive information.
Realize the need for close attention to:
- All computer usage on the premises.
- BYOD (bring your own device) procedures.
- The taking of devices containing confidential data out of the secure workspace.
- The proper disposal of devices and data.
- Unusual or suspicious behaviors.
- Unfamiliar or suspicious persons on the premises.
At MPS Technical, we know the value of a trustworthy employee, and it’s our priority to bring the best of the best to our clients. Give us a call to see what MPS can do for you.