The Dangers Within: Insider Threats

Most business owners don’t walk around every day thinking their employees are actively attacking the company from within by stealing data to sell to competitors, skimming from the budget, misusing the company credit card or otherwise. In turn, most employees aren’t out to hurt their employers. Thus, business owners rarely think of insider threats to their information security.

That’s a mistake.

BEST DEFENDER OR WORST FOE

In cybersecurity, your employees can be your best defense against cyberthreats. But when an employee becomes the threat, he or she can do far more damage with much less effort than a hacker would have to expend.

AN ACTIVE INSIDER THREAT

At many organizations, employees are given access to all data the company holds. Without proper access controls preventing them from getting into information they don’t need to do their jobs, a disgruntled employee could easily download confidential company information onto a USB drive or email to their personal email account. Indeed, at one company, a high-level executive was caught in the act of downloading proprietary company documents to a USB drive so she could start her own business. Had that company had proper access controls set or secured its workstations against unauthorized USB use, it would be have prevented this from happening – and maybe even alerted IT.

This illustrates the importance of partnering with a managed services provider that understands security and knows how to protect your firm against the various forms cyberattacks take.

THE INNOCENT INSIDER THREAT

Far more common than the above, though, is the employee who innocently clicks on a legitimate-looking email and enters his or her credentials on a fake web site – giving the phisher access to his or her accounts. Sometimes, the employee isn’t even aware he or she has been phished and successfully hacked until something goes terribly wrong – a ransomware attack, stolen intellectual property, complete data loss or otherwise.

HACKERS TARGET SMALL BUSINESSES

As cyberattacks against small businesses continue to increase, it’s important business owners understand that hackers are exploiting their biggest weakness: a lack of security awareness on your staff. With no internal IT staff, small businesses are often less secure than their larger competitors. This is another reason partnering with a security-focused managed services provider can be a good move for companies – MSPs can give small businesses services and solutions like those enjoyed by their larger counterparts. When they don’t, the losses can be dramatic.

In one recent case, a company lost over $150,000 after a clicked phishing email ultimately led to a high-level employee paying a fake invoice to a hacker. At another company, over $10,000 was lost in a similar phishing campaign. Both companies had fewer than 100 employees. Hackers target small businesses because they’re easier prey. Unfortunately, successful attacks on small businesses can also be far more fatal to the business than similar incidents at larger companies.

REDUCE YOUR VULNERABILITY TO ATTACK

There are some defensive measures you can take to reduce your vulnerability to cyberattacks of all kinds:

  • Implement Multi-Factor Authentication (MFA). MFA can thwart some unauthorized access of employee accounts by requiring the use of a second device to verify the user’s identity. Thus, even with an employee’s username and password, a hacker would be unable to access his or her account without the second device.
  • Conduct Cybersecurity Awareness Training. Train your employees on the proper use of your business’ technology. Make them aware of the methods hackers use to fool them into providing confidential information so they can defend against such attacks.
  • Take the FISA. Your FISASCORE will give you information about your organization’s vulnerabilities – giving you a good place to start improving your cybersecurity defenses.

 

Ultimately, you can’t prevent every attack – there will always be new methods of attack, and we’ll always be human and make mistakes. But with the right cybersecurity solutions provided by an experienced, security-focused managed services provider, you can greatly decrease your company’s vulnerability.

Contact us below if you’d like to secure your business from cyberthreats – internal and external.

Leave a Comment