Your Network is at Threat from the Inside, Too

July 30, 2018

It’s no secret that a business’ security is one of its most important considerations. It would seem
that there is a daily reminder of this unfortunate fact - but it’s even more unfortunate that many
people aren’t aware of where many threats can actually come from. Below, we’ll discuss how
some threats start on the inside - as well as what you can do to help stop them.

From the Inside?
Some may be surprised to learn that one of the biggest threats to your business technology is
the group of people you’ve hired to work with it. There are a variety of reasons that your
end-users can create a security problem through their actions.

Vengeance - As melodramatic as it sounds, if an employee is dissatisfied enough by something
to do with their job, they might lash out against the business. Whether that takes the shape
of deleting critical files before storming off, unleashing malware into your system or just
breaking some critical component, your business could find itself in deep trouble. Even worse, if
the employee thinks ahead about it, they could potentially figure out how to hide their actions
until they are long gone, or access your network later to mess with your business - and the
longer an issue persists, the more it will ultimately cost you.

The best way to fix this is to simply remove an employee’s credentials the moment they
are no longer employed - and to mitigate this kind of situation from happening in the first place. If
you keep your employees satisfied, engaged in their work, and happy if they do ultimately
leave, it will most likely be a departure spurred by greener pastures elsewhere, and not
animosity toward your business.

Being Bamboozled
- How many of your employees read these blogs, or have gone over our
website? Are they up-to-speed on how to best protect themselves against social engineering
attacks by cybercriminals? These attacks can be particularly effective, as they take an
employee’s instinct to do as they are told and pit it against their ability to shrewdly analyze an
incoming message.

A social engineer will reach out to your employee under the guise of being someone else, as
either an authority figure in your company, a client, or another business contact. This allows
them to request certain information that some employees would be only too eager to hand over
(after all, if the boss is asking for something, you deliver it, right?). The simplest way to eliminate
this threat is to make sure your employees appreciate the reality of it, educating them and
reinforcing the proper procedures to ensure that information isn’t just given out to someone who
asks nicely.

Inappropriate/Illegal Activities - Unfortunately, a workstation is not just a great productivity tool. It
is also one of the most potent distractions out there, thanks to all the content available online
that should not be accessed by someone in a professional environment. From games to adult
material, to social media, to watching x-animal try to mimic y-human activity on YouTube, you
are up against a formidable foe if you try to wrangle the Internet. However, it is crucial to your
network security that you do so, as threats can be very easily hidden in content that would seem
harmless on the surface. Protecting yourself against these threats means that you have to apply
patches as they become available, and it can’t hurt to block access to certain websites if you
discover that there is a tendency for them to be accessed during work hours.

Of course, there’s inappropriate, and then there’s illegal. Unfortunately, unless you can establish
that you have taken measures to prevent such activities, any illegal activities performed on a business’
network are the responsibility of the owner. Citibank learned this the hard way, when its employees
downloaded materials from the Internet that had absolutely no business being accessed in the workplace.
This activity got Citibank sued for $2 million. This is why it is especially important to monitor your network
activity, and again, block access to certain sites. You should also keep a documented acceptable use policy,
signed by every employee, so that you can legally protect yourself should the need arise.

Leaking Information - There are a variety of reasons that an employee could want to take
information out of the safe environment of your network. Those with good intentions may just
want to get some extra work done at home - but we’ve all heard where the road paved with
good intentions leads to. A frustrated employee might decide to take a little something along
when they leave to entice their next employer into hiring them.

Either way, your data is at risk, so you need to take steps to prevent such activities. A few
options are to require permissions for certain devices to access the network, and to require
authorization to connect a device to Wi-Fi or Bluetooth within the office.

Reach out to us at 877-223-6401 to learn about our solutions to your security concerns.

CalTech Ranked Among Top 501 Global Managed Service Providers by Channel Futures   <  IT INSIGHT HOME  >   Are You Able to Identify Malicious Links?