How to Tell If Your Employees are a Cybersecurity Threat
By Max Emelianov
The biggest threat to your business and its data does not come from the outside. It originates from your own employees. Either through well-meaning ignorance or active malice, they have the potential to put your data at risk to an incredible degree. Here’s how you can tell you’re at risk. Like it or not, the greatest threat to your data comes from within.
In a report by information security company Shred-it, 47 percent of C-Suite executives and 42 percent of small business owners reported that they suffered a data breach as a direct result of employee errors. Breaches were also caused frequently by employees working for external vendors or business partners, at 28 percent and 17 percent respectively.
No matter how ironclad your security, no matter how much work you put into making your network impenetrable, your efforts can be undermined by a single mistake. Small wonder that, as employees gain more autonomy than ever before, phishing attempts and social engineering attacks are on the rise. Hackers know that even the best-protected business can be compromised by a single mistake.
Errors born of ignorance and carelessness aren’t the only thing to be concerned about, either. Dissatisfied, frustrated, and greedy employees can be just as great a threat – perhaps even greater. Particularly if they work in IT, an employee knows how your systems work and where the vulnerabilities lie.v
So how exactly can you tell if you’re at risk from either of the scenarios described above?
The short answer is that you shouldn’t need to ask. You are at risk, no matter how much you might believe otherwise. If you’re truly invested in maintaining a strong security posture, you need to take measures that both safeguard you against malicious insiders and mitigates the threat posed by employee error.
This takes a few forms:
Promote cybersecurity awareness training. Each and every employee should understand their role in keeping business data safe. Each and every employee should be made aware of the cyber threats your business commonly faces, particularly social engineering attacks such as phishing emails.
Encourage mindfulness. Before taking any action that could potentially put sensitive data at risk, employees should take a moment to double-check if they’re making any mistakes. Even a brief pause can be enough to recognize an error in an email or determine the presence of a phishing attempt or malicious attachment.
Learn to recognize the signs that an employee is becoming disgruntled or might be malicious. These include severe productivity issues, unusual levels of anger or irritation, and withdrawal from coworkers and colleagues.
Have systems in place to control data once it leaves your organization’s walls, such as file-centric DRM. It’s also imperative that you strictly control access to sensitive data, and ensure your IT department is able to remove permissions and privileges from an employee the moment they leave your organization.
Lack of awareness. Lack of education. Frustration. Greed. Malice. There are many reasons an employee may put your business’s data at risk, either intentionally or unintentionally.
The best thing you can do to counter them is to foster a culture of education, awareness, and cybersecurity.
“Seemingly small habits can pose great security risks and add up to large financial reputational and legal risks,” says Monu Kalsi, Vice President at Shred-it.
“For companies looking to better protect their data, smart information security begins with giving employees access to smart information security practices and training. Through consistent training and education, businesses of all sizes can take back ownership of information security and create a more security-minded work culture among their employees.”