Insider threats contribute to a significant number of data breaches. These cases of data exposure are enabled by a member of your staff, whether they intended to harm your business or simply made an honest mistake. With so much focus directed toward the threats out in the world, sometimes we forget that the biggest dangers can be among our ranks. To make up for this, we’ll discuss a few ways to keep insider threats from doing your business too much harm.
As we begin, let’s refer to some stats that were drawn from a Forrester Research study.
- Insider threats cause 40% of data breaches.
- 26% of these data breaches are malicious.
- Accidents and general use cause 56% of these breaches.
Clearly, simple mistakes contribute the most to data breaches. To prepare for these circumstances, let’s examine some of the most common errors made by end users.
Misplacing Devices while Traveling
Most workers have some sort of commute to look forward to as they go to and from the office, and business often requires an employee to travel on behalf of the company. This creates an opportunity, should the employee have a work device with them, for that device to be lost--left at airport security or in the backseat of an Uber--or stolen. Remind your employees how easily such devices can disappear, and that they need to be cognizant of them as they are traveling.
Using Unfamiliar Flash Drives
Flash drives are everywhere these days, which isn’t necessarily a good thing for your business. While many are harmless, the little storage devices can easily be converted into a vehicle for malware. If this is the case, once the USB drive is plugged in, the workstation and quite possibly your entire network could be infected. While this doesn’t mean that flash drives should be forbidden from your office, you should mandate that IT takes a look at them all before they are used.
Letting Devices Connect Willy-Nilly
Chances are almost everybody in your office has a smartphone, along with a laptop and various other devices that all utilize an Internet connection--which means that potential points of access to your network have increased considerably. To counter this, you need to put a Bring Your Own Device (or BYOD) policy in place that protects both your employees and your business. Utilizing a comprehensive mobile device management platform, a BYOD policy will dictate what control you have over user access and data transmission using employee and customer mobile devices.
Being Careless With Company Information
Back in World War II, there was a propaganda campaign by the United States Office of War Information warning citizens against the possibility of providing enemy spies with information: “Loose lips sink ships.” The same can be said of most business operations. Seemingly innocuous choices, like using a personal email account for business purposes, could potentially lead to a data leak. Personal email simply doesn’t have the same protections as business-class email does--and that’s just one example of how your data could be left vulnerable through employee negligence.
If your organization has difficulties with your end users making mistakes, reach out to us for help. Call White Mountain IT Services at 603-889-0800 for more information.
- Can You Spot the Signs of a Malicious Link? The Internet is notorious for being a minefield of threats, many of which lurk hidden behind innocent-looking links. In order to go about business safely, you need to be able to identify which links you can click; and, which should be skipped. Unfortunately, spotting fraudulent links isn’t an exact...
- FREE Printout: Dos and Don’ts of IT Security The following guide is designed to be used by business owners and office managers as an educational resource to establish some basic IT security best practices in the workplace. Feel free to print it out and hand it out or post it in common areas. You work on important things. Let’s all work togeth...
- Is Your Password Security Up to Par? Passwords are all over the place these days, whether they’re required to access an online account, or access the devices used to open these accounts. While both types of passwords can make for ideal security conditions, this is only the case if the passwords are strong. If your passwords can be gues...
- At What Point Does a Service Become Spyware? Spyware, like other malware, is a problem for any organization. Since your business generates, collects, and uses considerable amounts of data, there are plenty of organizations that want to get their hands on it. You spend so much time and money protecting your data against threats on the Internet,...
- Your Employees Can Be One Of Your Biggest Security Risks A surprising number of security issues come from inside your organization. User error on the part of the employee can present major problems for your workflow, data security, and the integrity of your business. User error could be something as simple as an employee clicking on the wrong links when t...
- Why You Should Pay Attention to Data Security Notifications If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’s important to remember that it’s often not your s...