Who are the most dangerous threats to your organization’s data security? Hackers and cybercriminals seem like the obvious choice. But even well-meaning employees can become security threats.
Does this sound familiar?
Imagine you’re Adam. Adam works as a network administrator for a mid-sized retail company. In the ten years he’s worked there, he’s seen it all, from outside attacks to internal security glitches, and over the years Adam has done due diligence to address every area of security weakness imaginable. Passwords are changed every 90 days, multi-factor authentication is enabled for customer and employee accounts, card payments are always encrypted, and workstations are updated with the latest security patches. What could go wrong?
A new threat… from the inside
One day, Adam discovers that several employees’ computers are infected with a virus. He sees that files are disappearing off an important internal server, and if they don’t act fast, the attack could spread beyond the affected computers to other workstations.
While Adam and his team quarantine the virus and restore a recent backup of the infected server to recover lost data, he is able to trace the virus back to its beginning: a legitimate-sounding phishing email from a manager in the company who’d had his email address spoofed. The request had seemed reasonable, and before anyone had realized it was a hoax, a number employees had clicked.
What began as an external risk ended poorly due to lack of internal training with users. If his users had more education around what phishing emails look like, the virus might have been avoided.
As Adam begins to broaden his focus from outside the organization to inside, he realizes he should have been more aware of what was going on inside the organization. Scenarios such as these come to his attention:
- An employee who left the organization took proprietary company documents with him.
- The guy who runs IT backups for HR also has access to those same employee files he’s backing up… and sometimes curiosity gets the best of him.
- A jealous employee has intentionally tampered with internal documents to sabotage another coworker.
- One employee who uses cloud-based file sharing service frequently starts using it for Excel files with personally identifiable information (PII) because it’s easy.
What is Adam to do?
Combatting internal security risks
Internal security risks are more common than ever, but with the right training and tools, you don’t have to fall prey to them.
By being proactive with internal security practices and utilizing helpful solutions like anti-virus scanning and secure file transfer software, you can limit the risks user errors and rogue employees pose to your organization.
Download the free eBook Six Users to Put on Your Security Watch List to find out how Adam mitigates these security risks – and how you can, too.