Insider Threats to Your Corporate Data
The greatest danger to your organization’s data security is insider threats. These threats can come from employee or third-party contractor negligence, or from malicious or even criminal insider activity. According to a report by The Ponemon Institute, since 2016, the average number of incidents involving malicious and criminal insiders has increased by 53%. Those involving insider negligence have increased by 26%.
8 Ways Employee Behavior May Be Putting Your Data at Risk
- Instead of using only company-approved email, file sharing and collaboration platforms, employees may be using social media and personal email to send files to co-workers. This can more easily lead to data getting into the wrong hands.
Question: Do you have a written corporate policy outlining how data can and cannot be shared?
- Data may be stored in locations that you are unaware of. Instead of saving all documents to your file server or perhaps Office 365 OneDrive for Business (if sanctioned by your company), employees could be saving documents to personal storage locations such as Dropbox or Google Drive. They could also be saving data on their personal home computer, smartphone, or unencrypted USB storage devices.
Question: Do you know where all your data is? Do you have a written corporate policy as to where data can and cannot be stored?
- Employees bringing a home computer (or a contractor bringing their laptop or tablet) to the office and connecting to your corporate network can expose your data to viruses and malware. Any computer that is not managed by your IT personnel may not have proper antivirus protection or updated security patches installed. As a result, viruses or other malware may exist on their device and get pushed out to your corporate network.
Question: Do you have a written corporate policy prohibiting non-managed computers from connecting to your corporate network?
- A computer used for both personal and business purposes, even if managed by your IT personnel, could be a risk if family members are also permitted to use it. Confidential information might be accessed or deleted, unwanted software downloaded, etc.
Question: Do you have a written corporate policy prohibiting dual business/personal use computers from being used by non-employees?
- Clicking on a malicious link or attachment in an email can provide a hacker with access to your data. This can often result in a ransomware attack where your data is locked, with a ransom payment required to unlock it. This type of attack has cost organizations hundreds of millions of dollars.
Question: Have you implemented an employee testing and training program to educate on this type of threat?
- Weak passwords and passwords used in multiple locations are a problem. Attackers' computers are constantly working to guess passwords as a means of accessing your data. If they guess one that is also used in multiple places, the damage can become widespread.
Question: Do you have strict password policies in place and are they enforced?
- Computers left logged in and unattended could provide an opportunity for an employee to gain unauthorized access to data.
Question: Have you implemented an automatic screen lock policy to prevent this from happening?
- Studies indicate that a large proportion of employees today feel the product of their work (the data) is under their personal ownership, and so will take data with them when they leave.
Question: Do you have an off-boarding process in place for exiting employees, to help prevent this loss of proprietary data?
If you are interested in working with experienced advisors to help implement better data security practices for your organization, contact BSC Solutions Group today.
November 14, 2019 2:11:10 PM