Employees Are the Biggest Cybersecurity Threat for Business

90% of cybersecurity professionals surveyed in Veriato’s 2018 Insider Threat Report believe they are vulnerable to insider attacks. Apathy, negligence, and malicious intent are but a few reasons why they think this is so. In order to neutralise insider threats and ensure security of company data, it’s important to engage employees to better understand the underlying challenges.

How It’s Happening

Human error counts top of the list of insider threats. Workers inadvertently expose business data by accessing company files using unauthorised networks. Hackers and cybercriminals then take advantage to compromise  network security. Also, workers might access your network using their own insecure devices. Without a workable BYOD policy, any information thereby stored on their laptops/smartphones is left at the mercy of cybercriminals. Lost or stolen devices also pose significant risks for your business data. Another form of insider threat is identity theft. Hackers can steal your worker’s credentials and then log into your network to compromise your security or steal information. Sometimes, though, there is real malicious intent behind the failings in your company security. Employees sometimes sabotage businesses deliberately. Disgruntled workers can leak passwords to hackers in return for payment knowing very well it might not be traced back to them. Others might just transfer your files to rivals when they move on in a bid to undermine your efforts and gain favour with their new employers; or even delete your data.

Set Security Targets

To keep the integrity of your IT infrastructure intact, it’s essential that you make network security top of your priority list. It is easy to get sucked into wanting to surpass marketing and sales targets. They seem to be the most tangible metrics with which to measure business performance. However, any offensive move must be couched on a strong defense. To this end, inculcate network security education into all on-boarding sessions for new employees. To combat insider threats, make sure all business strategies pass security tests. New software must be thoroughly analysed for vulnerabilities before the company adopts it for work. All future decisions and strategies should be based on a strong security analysis. Whether it is a new website, a portal, or even a new email marketing strategy, make sure your staff take all security precautions seriously. Also, make sure your security parameters are up to date. Fix patches and consistently check bugs in order to fix them. Demand more security accountability from those with the most access to company data, like your IT executives, managers, and vendors. Enforce strong standards and punish wrong-doers with already established rules.

Monitor Employee Behaviour

There are routines your employees follow as part of their normal daily activities. Develop a tracking tool that detects and monitors such routines. Then when there is a sudden change in routine, there is an automatic signal sent to the administrator to investigate the situation. If a marketing officer needs data from an excel sheet that has a list of your company’s competitors, then there has to be a justified reason for ‘accidentally’ snooping into bank accounts of fellow employees. Use secure employee monitoring software to monitor your workers regularly. Ensure any decision you take regarding collecting data is transparent to encourage employee participation. Don’t sneak in on employees without their knowledge. That effort could backfire like it did with the Daily Telegraph.

Establish a BYOD Policy

Chances are your workers are using personal devices for work-related activities without your knowledge. These devices represent a major risk to the security of your company data. To properly manage and secure all endpoints accessing your business network, create a policy that spells out how personal devices are used for work. If you don’t want personal devices near work related activities, it should be stated in your security policy together with clear punishment for those who break this rule. As part of your BYOD policy, include a Mobile Device Management software to help secure data on stolen worker devices.

A Word of Note

Insider threats are dangerous because they come from trusted systems. A worker may not even know someone has stolen data with their login credentials. Perpetrators are able to easily clean their tracks to avoid detection. In taking steps to curb the incidence of insider threats, try to avoid implementing a ‘zero trust’ environment just to catch potential cybercriminals. A lack of trust hampers employee productivity by eroding employee confidence. That notwithstanding, remember to assign data access privileges in order to limit risk. Workers should only be able to access information if it is needed for their work activities. A need-to-know policy doesn’t imply a lack of trust. Rather, it curbs potential abuse while holding individuals accountable to the information they access. The way forward in curbing the effects of insider threat is to assume it could happen at your workplace. Then implement steps to fight it with the explicit participation of your employees. 90% of cybersecurity professionals surveyed in Veriato’s 2018 Insider Threat Report believe they are vulnerable to insider attacks. Apathy, negligence, and malicious intent are but a few reasons why they think this is so. In order to neutralise insider threats and ensure security of company data, it’s important to engage employees to better understand the underlying challenges.

How It’s Happening

Human error counts top of the list of insider threats. Workers inadvertently expose business data by accessing company files using unauthorised networks. Hackers and cybercriminals then take advantage to compromise  network security. Also, workers might access your network using their own insecure devices. Without a workable BYOD policy, any information thereby stored on their laptops/smartphones is left at the mercy of cybercriminals. Lost or stolen devices also pose significant risks for your business data. Another form of insider threat is identity theft. Hackers can steal your worker’s credentials and then log into your network to compromise your security or steal information. Sometimes, though, there is real malicious intent behind the failings in your company security. Employees sometimes sabotage businesses deliberately. Disgruntled workers can leak passwords to hackers in return for payment knowing very well it might not be traced back to them. Others might just transfer your files to rivals when they move on in a bid to undermine your efforts and gain favour with their new employers; or even delete your data.

Set Security Targets

To keep the integrity of your IT infrastructure intact, it’s essential that you make network security top of your priority list. It is easy to get sucked into wanting to surpass marketing and sales targets. They seem to be the most tangible metrics with which to measure business performance. However, any offensive move must be couched on a strong defense. To this end, inculcate network security education into all on-boarding sessions for new employees. To combat insider threats, make sure all business strategies pass security tests. New software must be thoroughly analysed for vulnerabilities before the company adopts it for work. All future decisions and strategies should be based on a strong security analysis. Whether it is a new website, a portal, or even a new email marketing strategy, make sure your staff take all security precautions seriously. Also, make sure your security parameters are up to date. Fix patches and consistently check bugs in order to fix them. Demand more security accountability from those with the most access to company data, like your IT executives, managers, and vendors. Enforce strong standards and punish wrong-doers with already established rules.

Monitor Employee Behaviour

There are routines your employees follow as part of their normal daily activities. Develop a tracking tool that detects and monitors such routines. Then when there is a sudden change in routine, there is an automatic signal sent to the administrator to investigate the situation. If a marketing officer needs data from an excel sheet that has a list of your company’s competitors, then there has to be a justified reason for ‘accidentally’ snooping into bank accounts of fellow employees. Use secure employee monitoring software to monitor your workers regularly. Ensure any decision you take regarding collecting data is transparent to encourage employee participation. Don’t sneak in on employees without their knowledge. That effort could backfire like it did with the Daily Telegraph.

Establish a BYOD Policy

Chances are your workers are using personal devices for work-related activities without your knowledge. These devices represent a major risk to the security of your company data. To properly manage and secure all endpoints accessing your business network, create a policy that spells out how personal devices are used for work. If you don’t want personal devices near work related activities, it should be stated in your security policy together with clear punishment for those who break this rule. As part of your BYOD policy, include a Mobile Device Management software to help secure data on stolen worker devices.

A Word of Note

Insider threats are dangerous because they come from trusted systems. A worker may not even know someone has stolen data with their login credentials. Perpetrators are able to easily clean their tracks to avoid detection. In taking steps to curb the incidence of insider threats, try to avoid implementing a ‘zero trust’ environment just to catch potential cybercriminals. A lack of trust hampers employee productivity by eroding employee confidence. That notwithstanding, remember to assign data access privileges in order to limit risk. Workers should only be able to access information if it is needed for their work activities. A need-to-know policy doesn’t imply a lack of trust. Rather, it curbs potential abuse while holding individuals accountable to the information they access. The way forward in curbing the effects of insider threat is to assume it could happen at your workplace. Then implement steps to fight it with the explicit participation of your employees.