
Past and Present Employees Are SMBs' Biggest Security Threats

19 Sep 2016 by Bob Violino

The heartbeat of America is small- to medium-size business. Aside from driving employment, these businesses are the force of innovation and help make America the nation that it is, often bringing to market new entrepreneurial approaches to business processes, products and services. They are also just as vulnerable to internet security threats as the larger enterprises are.

Technology surely plays a key role in the effort to protect data, applications and systems. But to be truly successful at strengthening their organizations’ security posture, professionals need to look beyond technology, to people and processes.

“New technologies have emerged, but none are game changers today,” a related Forrester Research report notes. “S&R [Security and Risk] pros must continue to focus on their security program, including people and processes, to address evolving threats and externalities like changing data localization requirements. Data governance and stewardship will be critical for big data efforts.”

Facing current and former employee threats

One of the biggest network security threats small- to medium-size businesses (SMBs) face is intrusions or other security incidents caused by former and present employees. A report by Cloudentr explains that about 80% of SMB IT professionals say employees are the weakest link in cloud security.

The report, which surveyed more than 430 IT professionals, was conducted in an effort to identify IT professionals' security challenges and uncover how they plan to tackle cybersecurity. The survey concluded employees were companies’ greatest risk factor.

It is important to note that former employees are also a cause for concern. This should not be a surprise, given how sloppy companies can be about cutting off access to important systems when workers leave the organization. According to a report by Intermedia and Osterman Research, 89% of the organizations surveyed retained access (a valid login and password) to at least one application from a former employer.

The report shows former employees continue to have access to a range of accounts, IT services and platforms they used while working for a previous employer. For example, 24% of users still have access to a PayPal account they used when working for a previous company, 21% have access to Facebook and 18% have access to LinkedIn. Naturally, this level of access creates worrisome small business internet security risks.

Many of the former employees could access “confidential” or “highly confidential” data, and 49% actually logged into their employee accounts after leaving the company, while 68% admitted to storing work files in personal cloud storage services after leaving the workforce.

It’s not surprising that cloud applications are falling through the cracks during the employee off-boarding process. In many companies, the responsibility for provisioning apps falls to different departments. For example, email is provisioned by IT, payroll apps are provisioned by human resources, and line-of-business apps are provisioned by department managers.

These four suggestions can help small- and midsize businesses decrease various types of security threats:

  1. First, conduct a thorough information security assessment. You can’t know how to improve small business cyber security throughout the organization if you don’t know where the weaknesses and vulnerabilities are, as well as the potential threat vectors. If the company lacks the resources to do this internally, consider hiring a security managed services provider or experienced consulting firm to help with the assessment.
  2. Consider using cloud-based services. This year, about 10% of overall IT security enterprise product capabilities will be delivered via the cloud, according to Gartner. “A significant number of security markets are being impacted by newly emerged delivery models. This is resulting in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers,” the firm says. More than 30% of security controls deployed to the small or midsize business segment will be cloud-based this year, Gartner says.
  3. Deploy the latest small business security tools that go beyond basic antivirus. As malware increases in sophistication and the number of new variants rises, antivirus technologies have steadily become less effective at stopping advanced threats to employee endpoints and servers. A growing number of SMB security professionals are considering replacing their third-party antivirus tools with native operating system antivirus augmented with one or more of the following third-party antivirus alternatives: application whitelisting, application privilege management, application integrity protection, endpoint execution isolation, and endpoint visibility and control.
  4. Be sure to effectively manage employee access to all IT resources. When someone leaves the company for any reason, revoke access to the corporate network, as well as any business-related data and applications. The best time to do this is before they leave the organization.

If you need an extension to your IT staff to help secure your SMB, contact Insight at: 1.800.INSIGHT. To learn more about emerging security solutions and how they can impact your organization, visit us online.

This article originally appeared on November 2, 2015, and has been revised to bring our readers the most up-to-date technology information.