Technology makes our business life easier and more streamlined, but that convenience comes at a price. Over 87% of Canadian businesses have experienced at least one cyber-attack in the last year, and online news is filled with daily horror stories of malware and DDoS attacks that hold documents and software hostage, or completely stop companies from functioning. Usually, only about 10% of a business's IT budget is earmarked for security, so how can you ensure that your customer and 'mission critical' data is as safe as possible?
Firstly, you can forget about trying to stop cyber-criminals or foreign state-sanctioned actors out there trying to 'get you'. It is far more productive to concentrate on your own measures on the 'home side' of the firewall. A new report suggests that as many as 75 percent of all cyber security threats are probably internal in nature.
Workers may – intentionally or unintentionally – be putting their organizations at risk of a data breach or theft of intellectual property. Examples of accidental insider threats include employees mistakenly including private information in a group email sent to the wrong people, or opening a 'phishing' email that exposes a company's internal systems to cyber-attack. Examples of negligent activities include using easy-to-guess passwords and login credentials; failing to apply important security patches to software; and downloading unauthorized software that leads to virus infections. Given this spike in attacks due to insider sources, what can organizations do to protect themselves, especially in terms of new security measures and practices? Security experts generally put a huge premium on educating staff about data protection, data privacy and learning how to recognize popular scams. Here are three categories of negligent users and what can be done to counter them:
Bypassing controls for convenience or efficiency: Examples of this problem include employees who prefer to use cloud storage solutions for sensitive corporate data instead of official corporate data storage solutions, and employees who share user accounts. In both cases, employees think that they have discovered a clever "workaround" that makes their daily life easier. What's needed here are stronger network-level controls to ensure this behavior doesn't happen in the first place. Employees – no matter how IT-savvy – must learn that security protocols are there for a reason, not just to make everyone's life tougher.
Employees bringing their own devices and connecting to the corporate network: In the BYOD era, employees are increasingly accustomed to connecting every mobile device they use to the main corporate network, blurring the lines between professional and social use. This is incredibly dangerous, since these devices usually have little, if any, data security control. Most of the time, default security options have been turned off, so employees do not even know that they are running a security risk. The solution here is strong enforcement of BYOD policies. Employees must know upfront which devices can be connected to the network, and which cannot.
Employees that get phished: Every day, employees get emails from an authoritative-looking source and assume they are OK to open. Employees need to be educated about these schemes, how they work, and what to look for. Get used to running realistic user training so that this kind of breach is easier to spot. Organizations can always contact their security vendors for anti-phishing solutions; solutions for email can often block or filter any emails known to originate from a potentially malicious source.
In all these scenarios, a long-term plan should be put into place: In your physical working environment, you can have a state-of-the-art security system and ample locks on the doors and closets. However, if someone inside opens the door to an attack, all these measures are useless. Educate your staff about what is going on, how these attacks can affect the company, and how to ensure they aren't the ones opening that door, either in reality or in the online universe.