Did you know that a surprising number of data breaches are the result of insider threats? Insider threats are defined as data exposure, either malicious by nature or unintentional, that results from the actions of an employee in your workforce. With so many threats out there, it’s easy to forget that some of the most dangerous are right within your walls. How can you keep insider threats from becoming a major problem for your organization?
Let’s start with some statistics, courtesy of a study by Forrester Research:
- 40% of data breaches are caused by insider threats.
- Of breaches caused by insider threats, 26% are caused with malicious intent.
- 56% of these breaches are caused by accidents and general non-malicious use.
Here are some of the most common end user mistakes that you can expect your employees to potentially make.
Laptops and Other Devices at Airports
Most airports demand that a user surrender any electronic devices during a security check. While this often just includes placing the device in a bin and informing airport security staff, it’s not outside the realm of possibility that your device gets misplaced somehow during the process. Keep a close watch on your devices, as they could be stolen or lost easily enough if you’re not paying attention.
Carelessly Using Flash Drives
Have you found a flash drive around the office lately? Maybe it belongs to your organization, and maybe it doesn’t. Either way, there are no guarantees that the information found on the device belongs to your organization. In a worst-case scenario, the files could be corrupted or infected by malware, and when the device is plugged into your device, it could infect your entire network, or at the very least, your workstation. Be sure to emphasize to your employees that any suspicious flash drives should be directed to IT before being used on the network.
Carelessly Handling Company Information
Do your employees share information that they shouldn’t be sharing? If an employee isn’t careful enough with your company’s data, it could accidentally be leaked in an unforeseen way. Let’s say that they are conducting business with their personal email account--a major no-no for any business professional. This email account isn’t protected in the same way as your business-class one is. If this account were to be compromised, you’d have a major problem on your hands due to the negligence of your employees.
Sloppy Security Practices with Connected Devices
The same as above can be said for connected devices that access your business’ network. You should absolutely have a policy in place to protect devices owned by employees, as well as the ones that you provide them with in order to do their work. A Bring Your Own Device (BYOD) policy is critical if you want to optimize security for your business’ data. You can control access to data on a per-user basis, as well as whitelist/blacklist apps or remotely wipe infected or stolen devices.
Does your organization struggle with end user mistakes? MultiProcess Computer LLC can help. To learn more, reach out to us at (603) 893-9090.