Are You Guilty of These Careless Security Flaws?
December 26, 2017
Did you know that a surprising number of data breaches are the result of insider threats? Insider threats are defined as data exposure, either malicious by nature or unintentional, that results from the actions of an employee in your workforce. With so many threats out there, it’s easy to forget that some of the most dangerous ones are right within your walls. How can you keep insider threats from becoming a significant problem for your organization?
Let’s start with some statistics, courtesy of a study by Forrester Research:
- 40% of data breaches are caused by insider threats.
- Of breaches caused by insider threats, 26% are caused with malicious intent.
- 56% of these breaches are caused by accidents and general non-malicious use.
Here are some of the most common end-user mistakes that you can expect your employees to make.
Phishing Emails and Malicious Sites
Targeted attacks against organizations continue to rise. These attempts go after specific users with well-crafted emails that appear legitimate. They entice the user to open an attachment or click on a link. In some cases, they only ask for a reply to the initial email, and the actual threat is delivered through a follow-up email once some level of trust has been gained. Many organizations place multiple layers of security to identify and block many of these attempts, but it is important to realize that your employees are another security layer and should be trained to identify these attempts. Ongoing testing and security awareness training are imperative.
Carelessly Using Flash Drives
Have you found a flash drive around the office lately? Maybe it belongs to your organization, and maybe it doesn’t. Either way, there are no guarantees that the information found on the device belongs to your organization. In a worst-case scenario, the files could be corrupted or infected by malware, and when the device is plugged into your computer, it could infect your entire network, or at the very least, your workstation. Be sure to emphasize to your employees that any suspicious flash drives should be directed to IT before being used on the network.
Carelessly Handling Company Information
Do your employees share information that they shouldn’t be sharing? If an employee isn’t careful enough with your company’s data, it could accidentally be leaked in an unforeseen way. Let’s say that they are conducting business with their personal email account, a major no-no for any business professional. This email account isn’t protected in the same way as your business-class one is. If this account were to be compromised, you’d have a major problem on your hands due to the negligence of your employees.
Sloppy Security Practices with Connected Devices
The same can be said for connected devices that access your business’ network. You should have a policy in place to protect devices owned by employees, as well as the ones that you provide them with to do their work. A Bring Your Own Device (BYOD) policy is critical if you want to optimize security for your business’ data. You can control access to data on a per-user basis, as well as whitelist/blacklist apps or remotely wipe infected or stolen devices.
Does your organization struggle with end-user mistakes? CalTech can help. To learn more, reach out to us at firstname.lastname@example.org.