While it’s true that hackers pose a significant threat to your business’ cybersecurity, the area that you truly need to monitor has to do with your employees.
All organizations, regardless of size or industry, can, and likely will, be targeted. The number of incidents detected in 2015 alone grew 38% over the previous year. This explains why 52% of people who responded to a survey said they felt strongly that a successful cyberattack would take place against their business at some point within the next year.
When it comes to guarding your organization and everything you’ve worked so hard to build, it’s important to know as much as you can about what you’re facing. Although you might think that your top priority should involve doing whatever you can to stay ahead of hackers, this is only one small part of a much larger story. The real issue, and reason why cyberattacks are often successful has more to do with employees that have no idea how to behave in the dangerous digital world we now live in.
The Employee Threat: What You Need to Know
According to a survey of 4,500 CIOs and technology leaders, most agreed that “insider threat” is the fastest growing security risk for businesses today. This doesn’t necessarily mean that your employees have malicious intentions. Instead, it has more to do with employees who just don’t know enough about staying safe on the Internet.
Consider the fact that employees (and third-party contractors) often have access to confidential mission-critical business information. Many are given this access almost immediately. But without proper risk-management training (and with the occasional lapse in common sense), they pose an incredible risk to the very foundation of your business.
According to the 2016 Cybersecurity Intelligence Index published by IBM, one-quarter of all “insider-based” attacks were the result of an accident or lapse in judgment. Most cybersecurity breaches are due to negligence or inadvertent errors on behalf of employees. 60% of businesses admitted that their employees had NO advanced training on the topic, and that most lacked a general knowledge regarding the security risks they face on a daily basis.
Breaches occur when someone accidentally posts sensitive information on the Internet, or when they lose a laptop, phone or other computer device that contains confidential information. While it’s true that the other three quarters of attacks were carried out by people with malicious intentions, this is still enough to make you pause and re-evaluate the situation.
Take ransomware, for example – one of the most common (and devastating) forms of cybercrime in the modern era. Ransomware occurs when a malicious piece of software is downloaded to a host computer that, when executed, literally encrypts an entire hard drive and holds it for ransom. Short of wiping the entire machine clean and restoring it from a backup, the only hope a business has is to pay the ransom. This can stretch anywhere from a few hundred dollars to thousands of dollars or more depending on the situation.
But ransomware doesn’t just magically download itself to a computer – an employee would have to do it. They would need to click on a link in an email from an unknown recipient, or download a suspicious program without realizing there’s a problem with it. This is why you must invest in the right type of security training for ALL employees.
In addition to continuing education on the topic, most experts agree that true protection is something that starts with leadership. Company leaders need to know what data needs to be protected, how it’s going to be protected, and what happens in the event that a breach occurs.
Many recommend that companies invest in professional third-party security services to conduct a thorough and comprehensive background check of all new hires, and continually monitor a business’ infrastructure. Employees need to understand that falling victim to something like a phishing attempt has serious consequences, both for the organization they work for and their future employment possibilities.
When an employee leaves a business to take a job elsewhere, their access to the system should be immediately disabled. A comprehensive cybersecurity policy must be created that outlines these rules in plain language. It is always recommended that all employees have their devices remotely wiped immediately after they leave a business. This would address potential vulnerabilities from things like cloud services that don’t require frequent authentication to access.
Again, staying safe in the modern era is all about being proactive. But taking an inward look at your employees is just as essential as taking an outward look at those who wish to do you harm.
Cybersecurity is by far one of the most important issues that your business faces. It’s also one that requires you to take a proactive approach to planning and defense, particularly as far as your employees are concerned. If your business is in San Francisco and you’d like to find out more information about this or other essential digital security-related topics, please don’t delay – Contact intivix today at (415) 543 1033 or by sending us an email to firstname.lastname@example.org at your earliest convenience.