Cyber Liability: Your Five Biggest Insider Threats

mergertreelogoyouritdepartment

While identity theft is a growing concern for individuals, businesses have even more reasons to be stressed. Your computer systems hold sensitive data on everyone associated with your company including management, employees, customers, and vendors. Cybercrime and data breaches are becoming commonplace. If you haven’t faced a cyberattack yet, it’s only a matter of time.

The risk of an outside cyberattack is big, yet an even greater cyber threat to your business is much closer to home – inside your organization.

Surveys that track vulnerability concerns among information security professionals have routinely put “insiders” at the top of the list of cyber threats to businesses and organizations. Whether the motivation is financial gain, convenience, curiosity, boredom, or something else, insiders go mostly undetected, their misdeeds only discovered by forensic analysis after they’re gone.

Here are five of your biggest “insider” threats:

  • The Disgruntled Worker. A rogue employee – especially one on the IT staff with knowledge of and access to networks, servers, and administrator accounts – can cause havoc.
  • The Careless Worker. A careless worker who forgets an unlocked iPhone in a Starbucks is just as dangerous as a disgruntled worker who leaks information to your competition. Employees who haven’t been trained in security best practices, have weak passwords, visit questionable websites, click on links in suspicious emails, or open unknown email attachments also put you at huge risk.
  • The “I can just do that on my phone” Worker. When employees use mobile devices, especially their own, to share data or access company information, your vulnerability to data theft goes up exponentially. Recent studies show that mobile security breaches have impacted more than two-thirds (68 percent) of global organizations in the last 12 months.
  • The “I don’t have time to run that update” Worker. Your network devices such as routers, servers, and printers that use software or firmware could be exploitable by attackers to gain access to your system. For example, as of July 14, 2015 Microsoft is no longer supporting Windows Server 2003, a system in use by over 10 million physical users and millions more virtual users. These organizations will no longer receive patches or security updates, and experts expect these outdated servers to become a prime target for hackers.
  • The Third-party Worker. The worker from your vendor who has access to your network but no security on his computer is a dangerous threat. Companies are increasingly outsourcing to third party vendors to manage things like point-of-sale (POS) systems. But these vendors generally use remote access tools to connect to the company’s network, and they often have lax security practices.

No method of information security can guarantee you’ll never be hit, but you can significantly lower your risk factor by being prepared and vigilant. You must carefully manage who has access to sensitive data and implement clear policies and procedures on using mobile devices. It’s essential to educate your employees about cybersecurity, managing passwords, and preventing unnecessary vulnerabilities via email links and attachments. Finally, make sure your devices and software are always up to date, and that all third party vendors follow strict remote access security procedures.

Don’t you want to monitor your “Insider Threats”? MergerTree Solutions is offering $250.00 discount for the first 11 companies that contract a Network Assessment by May 9, 2016.

Bruce Litwin

Email: bdlitwin@mergertree.com

Phone: 713-982-8004realistic shield