Cybersecurity #2 – Preventing Employee-Generated Security Breaches
The first step to preventing employee-generated security attacks is acceptance of the threat and an awareness of how these threats could play out within your organization. It can happen to anyone, anywhere, at any time. There’s absolutely no place for an “it won’t happen to us” mentality when it comes to cybersecurity. "Despite all the attention and resources that cybersecurity is receiving from the media, executive management, and governments, organizations still fail to protect their most valuable assets from hackers because they focus too much on network security while ignoring the employee identity theft and access exploitation risk," says Henry Bagdasarian, the Founder of Identity Management Institute. While some “inside” attacks stem from grudge-holding employees and fall under the malicious category, many others occur due to negligence, carelessness, or simple human error. Examples include:
- Human errors – inadvertently downloading sensitive data onto a personal device or a misaddressed letter.
- Carelessness – the loss of a company device or failing to log out of sensitive
- Negligence – misconfigured security settings or ignoring system warnings.
- Malicious – a soon-to-be-terminated employee uses his tech knowledge to compromise the system on his way out or, for personal gain, an employee gathers the personal information of customers.
- A review of all security procedures.
- Ongoing instructions on how to avoid inadvertent data loss.
- Briefings on new risks, escalating threats, and recommended precautions.
- A reminder of the consequences of violating security policies, including termination and prosecution.
- All computer usage on the premises.
- BOYD (bring your own device) procedures.
- The taking of devices containing confidential data out of the secure workspace.
- The proper disposal of devices and data.
- Unusual or suspicious behaviors.
- Unfamiliar or suspicious persons on the premises.