Insider Security Threats: Why your Business may be at risk
Businesses are continually seeking the latest upgrades and appliances to protect their networks and data from outside threats such as the Internet, email and the use of Wi-Fi hotspots. Whilst this proactive approach is vital in protecting companies from external threats, many are unaware of the dangers from inside the organisation. According to a recent survey, around 78% of SMEs questioned were more concerned with external threats than internal dangers.* In fact, research has found that accidental insider security incidents are more frequent than malicious attacks, and can potentially have a greater impact on security and information loss.**
Employee negligence is a major contributor to insider security incidents. Examples include data loss through the misplacement of portable devices, accidental deletion of important files, emailing the wrong file to an external party, or experiencing spyware/malware attacks from within the organisation. Not only can these security threats lead to a loss of valuable data, they can also result in damage to a company’s reputation and a loss of customers, as well as significant financial loss. With these consequences in mind, the following actions are recommended to ensure companies reduce the risks of insider security threats, whether they are accidental or intentional.
- Create a security-conscious culture among all employees (internal, temporary, external, or contractors). Employees must be made aware of the importance of information security, and so it is recommended to put a simple compliance procedure in place, making it easy to understand and follow, as well as conducting regular training and updates for all staff. Implementing such a procedure ensures that security decisions are not left to individual employees, who may have varied views on what is and isn’t classed as a security risk.
- Even with an information security policy in place, to prevent non-compliance by staff (such as password sharing and turning off security settings), a non-compliance policy should be enforced, establishing accountability should security procedures not be adhered to. In addition, companies should apply access control rights and limit users' ability to access and change unnecessary files and programs. This helps prevent employees from turning off security settings and ensures users can only access the data they need.
- It is recommended to only use encrypted USB drives within the company. This helps prevent significant data leakage should an employee misplace a portable device. Rockford supply companies with encrypted USB drives for such requirements. For more details please contact us or click here.
- Monitor security practices and procedures. The ability to monitor users' behaviour can help businesses identify and prevent insider data leaks or loss. WatchGuard firewalls offer a feature to log, report and alert managers on individual user behaviour, if required, as well as an efficient web blocking feature to prevent visits to unnecessary websites.
- It is vital for companies to invest in efficient spyware/malware/antivirus systems to protect against such attacks from inside and outside the business network. WatchGuard appliances can have this feature enabled to scan all traffic entering the corporate network.
- For companies that require extra peace of mind, Rockford offers a two-factor authentication process in which users are sent one-time passwords from highly robust tokens when they log into IT systems and company networks. For more details on this service please click here.
- In addition to the prevention methods discussed, it is also strongly recommended to invest in an efficient disaster recovery plan, should data loss occur. A company’s disaster recovery plans should include every aspect of the IT system and beyond, from an efficient backup solution to the ability to redirect email to an alternative site, and should cater for not only the typical physical disasters such as fire or flood, but also virus outbreaks and data loss. Rockford IT's associate company, IT Group, provides IT Consultancy services for Disaster Recovery planning. For more details click here.
* Source: "infosecurity-magazine.com".
** Source: "infosecurity-magazine.com".

