Insider threats contribute to a significant number of data breaches. These cases of data exposure are enabled by a member of your staff, whether they intended to harm your business or simply made an honest mistake. With so much focus directed toward the threats out in the world, sometimes we forget that the biggest dangers can be among our ranks. To make up for this, we’ll discuss a few ways to keep insider threats from doing your business too much harm.
As we begin, let’s refer to some stats that were drawn from a Forrester Research study.
- Insider threats cause 40% of data breaches.
- 26% of these data breaches are malicious.
- Accidents and general use cause 56% of these breaches.
Clearly, simple mistakes contribute the most to data breaches. To prepare for these circumstances, let’s examine some of the most common errors made by end users.
Misplacing Devices while Traveling
Most workers have some sort of commute to look forward to as they go to and from the office, and business often requires an employee to travel on behalf of the company. This creates an opportunity, should the employee have a work device with them, for that device to be lost--left at airport security or in the backseat of an Uber--or stolen. Remind your employees how easily such devices can disappear, and that they need to be cognizant of them as they are traveling.
Using Unfamiliar Flash Drives
Flash drives are everywhere these days, which isn’t necessarily a good thing for your business. While many are harmless, the little storage devices can easily be converted into a vehicle for malware. If this is the case, once the USB drive is plugged in, the workstation and quite possibly your entire network could be infected. While this doesn’t mean that flash drives should be forbidden from your office, you should mandate that IT takes a look at them all before they are used.
Letting Devices Connect Willy-Nilly
Chances are almost everybody in your office has a smartphone, along with a laptop and various other devices that all utilize an Internet connection--which means that potential points of access to your network have increased considerably. To counter this, you need to put a Bring Your Own Device (or BYOD) policy in place that protects both your employees and your business. Utilizing a comprehensive mobile device management platform, a BYOD policy will dictate what control you have over user access and data transmission using employee and customer mobile devices.
Being Careless With Company Information
Back in World War II, there was a propaganda campaign by the United States Office of War Information warning citizens against the possibility of providing enemy spies with information: “Loose lips sink ships.” The same can be said of most business operations. Seemingly innocuous choices, like using a personal email account for business purposes, could potentially lead to a data leak. Personal email simply doesn’t have the same protections as business-class email does--and that’s just one example of how your data could be left vulnerable through employee negligence.
If your organization has difficulties with your end users making mistakes, reach out to us for help. Call White Mountain IT Services at 603-889-0800 for more information.
- Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
- Tip of the Week: Keyboard Shortcuts to Save You Time Even the simplest tasks in the office can eat up a surprising amount of time over the span of a year. For example, did you know that switching from your keyboard to your mouse can consume up to eight full work days every year? By taking advantage of keyboard shortcuts, you can cut down on the amount...
- Could You Spot a Social Engineering Attack? As invaluable as the security solutions that protect a network are, they can be effectively rendered useless if a cybercriminal is skilled in social engineering. Social engineering is the practice of using manipulation to access protected resources, as we will review later. If your business and its ...
- Three Gifts for Your IT Resource The holiday season is here, and the spirit of giving is in the air. Why not give the IT professional in your life a few things that they’ve been wishing for all year? Here, we’ve compiled a list of things you can give them, some of which will cost you (and your business) nothing. Wish One: Securi...
- Tip of the Week: Download the Second Windows 10 Update of 20... Windows 10 just got a second update for 2018. Some experts think this many major updates to the OS is too many, but when you start to look at the features available through this second update, you may be happy that Microsoft has decided to release it (and re-release it). Today, we’ll take a look at ...
- Here’s How Companies Struggle with IT Security No business can be successful if it’s constantly suffering from data breaches. Therefore, you should take measures to mitigate the issues caused by these threats before they present themselves. Here are four of the biggest issues your business could face in the field of network security. Password...