While identity theft is a growing concern for consumers, businesses have even more reasons to be stressed. Your computer systems hold sensitive data on everyone associated with your company including management, employees, customers, and vendors; and cybercrime and data breaches have become commonplace. If you haven’t faced a cyberattack yet, it’s only a matter of time.
While the risk of an outside cyberattack is big, an even greater cyber threat to your business is much closer to home – inside your organization.
Surveys that track vulnerability concerns among IT and information security professionals have routinely put “insiders” at the top of the list of cyber threats to businesses and organizations. Whether the motivation is financial gain, convenience, curiosity, boredom, or something else, insiders go mostly undetected, their misdeeds only discovered by forensic analysis after they’re gone.
Here are five of your biggest “insider” threats:
- Disgruntled workers. A rogue employee – especially one on the IT staff with knowledge of and access to networks, data centers, and administrator accounts – can wreak havoc.
- Careless or uninformed employees. A careless worker who forgets an unlocked iPhone in a restaurant is just as dangerous as a disgruntled worker who leaks information to your competition. Employees who haven’t been trained in security best practices, have weak passwords, visit questionable websites, or click on links in suspicious emails or open email attachments also put you at huge risk.
- Mobile devices. When employees use mobile devices, especially their own, to share data or access company information, your vulnerability to data theft goes up exponentially. According to a BT Americas study, mobile security breaches have impacted more than two-thirds (68 percent) of global organizations in the last 12 months.
- Unpatched devices. Network devices such as routers, servers, and printers run software or firmware that attackers could exploit to gain access to your system. For example, Microsoft announced in July they are no longer supporting Windows Server 2003, a system in use by over 10 million physical users and millions more virtual users. These organizations will no longer receive patches or security updates, and experts expect these outdated servers to become a prime target for hackers.
- Third-party service providers. Companies are increasingly outsourcing to third-party vendors to manage things like point-of-sale (POS) systems. But these vendors generally use remote access tools to connect to the company’s network, and they often have lax security practices.
No measure of information security can guarantee you’ll never be hit, but you can significantly lower your risk factor by being vigilant and prepared. Carefully manage who has access to sensitive data. Implement clear policies and procedures on using mobile devices. Educate your employees about cyber security, managing passwords, and avoiding unnecessary risks such as email attachments. Make sure your devices and software are always up to date, and that all third-party vendors follow strict remote access security procedures.
Finally, protect yourself with the right business insurance just in case. Talk to the business insurance experts at Heffernan Insurance Brokers about a cyber liability insurance policy that can protect your business from both outside and inside threats.