The most overlooked part of cyber security is internal defences. Organisations pump resources into technologies that prevent criminals accessing their systems, but allow their employees to access them with only minimal safeguards.
This leaves organisations vulnerable to a variety of insider threats. Here are three of the most common.
Remote workers are a part of most businesses these days. Some employees work remotely permanently or occasionally, and others access the organisation’s systems outside of business hours. This is great for quality of life and productivity, but it comes with a security cost.
There are two main issues. First, there’s the possibility that the Internet connection remote workers are using isn’t secure. This is less of a problem when using your home broadband, but it’s a big problem when on the go. A competent crook can access backdoors in public Wi-Fi and do all kinds of damage to other people’s computers. This includes installing keystroke loggers, a type of malware that allows criminals to see what the victim is typing on their machine.
Alternatively, crooks might opt for the more direct route of stealing your device when your back is turned. If the victim is logged in to a work account, the crook has access to large amounts of sensitive data.
The business world is full of tough decisions, and you will often run the risk of offending employees. Perhaps you had to make them redundant or choose another candidate for a promotion, or maybe you weren’t able to cater to a work-related request.
Most employees will get over it soon enough, but others won’t be so forgiving. They might instead take their anger out by stealing or deleting the organisation’s files, injecting malware or committing other acts of sabotage.
This happens time and again, and although the malefactor (invariably described as ‘disgruntled’) is usually apprehended quickly, the damage they can cause will have lasting effects.
Most employees mean well. They try their best to avoid mistakes, but hope alone isn’t an effective strategy, especially when crooks bombard them with phishing scams that replicate legitimate messages. It only takes one lapse in judgement for an employee to inadvertently hand over their login details to a crook or allow them to infect the organisation’s systems with malware.
Don’t let your staff be your point of failure
Education is prevention. Find out how to generate tangible and lasting organisation-wide awareness with our Information Security Staff Awareness E-Learning Course.