Cybersecurity experts are often left scratching their heads after a breach or attack on their systems. Sometimes, it just seems as if the hacker knew too much about the sensitive operations of the business…and the reality is that they probably did. The ‘hacker’ could be the very person sharing an office space with you, or at the very least, one of your seemingly loyal staff members could be the “informant” or the “spy”.
The Statistics of Cybersecurity Threats Speak for Themselves
The 2019 Global Data Exposure Report unveiled statements from a plethora of companies on their data breaches. Over the last 18 months, half of the companies reporting hacking events also admitted that it was an inside job.
Even with so many attacks and data breaches being attributed to an inside job by one or several staff members, companies still view state-sponsored cyber warfare and individual hackers as the biggest threat. This infers that these companies aren’t thinking about the problem methodically…and the result is that many of them don’t have sufficient systems in place to protect against insider cyber-security threats.
Why Are Your Staff Stealing Your Data & Hacking Your Business?
The reality is that things have changed in the job landscape over the years. Gone are the days where people found a good job and stayed in it for years. Nowadays, loyalty to a job is rare, and the majority of the workforce is actively looking for new jobs. When an employee feels no real affiliation and loyalty to a company, the risk of data theft and hacking increases.
Another reality is that stealing data has become so easy that an employee may think nothing of it. Data is oh-so portable these days. It takes next to nothing for an employee to walk out with a digital copy of your full customer list with the intention of selling it on to the competition, or a hacker looking for opportunity. It’s just as easy to leave the business premises with sensitive documentation, secret unpatented designs, and even details of the payroll.
There are times where data breach can be intentional, such as in the case of a disgruntled employee being dismissed from the company and seeking to cause damage to the business.
Then again, there is also an unintentional data breach through human error. Consider the employee with sensitive data who chooses to use a social media platform to send important and sensitive information instead of the company’s approved file-sharing system. Or the employee who walks away from his/her desk without signing out of systems and applications. There’s also the employee who clicks on a link in an email and has no idea that ransomware has been installed on their computer.
From the above scenarios, it’s easy to see just how a data breach can occur from inside your business.
What to Do to Protect Against Insider Job Breaches & Hackings
What can you do to ensure that the cyber-security risk doesn’t originate from within your business? Here are a few tips:
- Have a policy of only using business laptops, desktops and devices at work. Ensure that there are reliable endpoint detection response tools to spot unusual activity on the devices. Run daily cyber-threat tests on these devices and ensure that when an employee leaves the company, these devices are retrieved, and all the passwords and access points are cleared.
- Educate your employees. Make sure that employees know of the risks and set subsequent policies in place to ensure that they don’t make silly mistakes. Prohibit the clicking of links from unknown senders or the clicking of unexpected links from known senders. Make it company policy to sign out of systems and applications when not using them. You could potentially set an automatic time-out on these, just to be sure.
- Have a no take-home policy. Staff members should not be leaving the premises with sensitive information. Ensure that staff members are unable to remove any business property when going home, including hard drives, flash drives, and so on. If they do leave the premises with such items, they need to be checked and signed for.
- Install software to automatically back up data to the cloud so that no sensitive information is left “lying around” on staff devices. When you do this, ensure that the backed up data is encrypted and that staff only have limited access to the files that are backed up. Set staff allowances wherever you can.
Last Word
It is better to be safe than sorry, and with the stats proving that a large portion of cyber-security threats originate from within a company, can you really afford to take that risk? Get to work setting mechanisms in place to safeguard your business from the inside too. Good luck!