While cyber security is something even very small businesses are starting to take serious consideration of, there’s something they’re slower to shield themselves from, and that’s the internal threats they’re facing. While businesses might utilize cybersecurity measures aimed at external threats, it’s often the internal issues that can wreak the most havoc on an organization.
Research from the US Computer Emergency Response Team showed that nearly 40 percent of all IT security breaches are carried out by people within the company. According to ZDNet, another study showed that employees committed 90 percent of criminal cyber activities. What’s also important to note is that not all of these internal threats are even malicious. Some are incidental but can be no less damaging.
The first step to preventing against insider attacks and threats is to understand what you’re up against. Below are five of the most common insider IT issues facing businesses right now.
Peer-to-Peer File Sharing
Increasingly P2P is becoming a problem for companies, even if it’s something they’ve prohibited in their IT policy. Whether your business doesn’t have a specific P2P policy in place, or employees are ignoring it, it can become incredibly problematic. There have been numerous incidents of not just businesses having their information leaked as a result, but even government entities. Educating employees on P2P file sharing is important.
Outdated Operating Systems
This top internal security issue isn’t malicious, but it can certainly be problematic. For those companies that use a Windows operating system, if it isn’t updated regularly with the newest versions it can cause issues. It can be a big undertaking to make sure every desktop, laptop, and mobile device is updated accordingly, but it’s also something that’s worthwhile.
One of the number one internal threats businesses face regarding cybersecurity comes in the form of their USB devices. Viruses can be transferred via these devices, whether knowingly or unknowingly on the part of employees. There isn’t a lot of protection you can put in place when it comes to a USB device, but many businesses are looking at more secure means of storing and sharing data, documents and information, such as virtual data rooms from companies like FIrmex.
Just because an employee isn’t doing something to be purposely damaging to employees doesn’t mean it isn’t happening. A lot of cyber criminals are realizing they can exploit employees to get the information they need, so it doesn’t even matter if there are rigorous technical security measures in place. What a lot of security experts are seeing are issues where employees are giving out passwords and other information by email and phone during phishing attacks, and it’s becoming harder for employees to recognize they’re being scammed as these plots grow increasingly sophisticated. A strong training program is the best way to combat against this. If you don’t have the time or resources to create an internal training program, you can rely on eLearning courses such as the “PhishProof Assessments and Training” program from Inspired eLearning.
While there isn’t a 100 percent safeguard against internal cybersecurity threats, awareness is the first step in securing your business, your customers, and your employees.