Protecting Against Past and Present Employee Security Threats
Data is the lifeblood of business, containing critical employee, customer and vendor information hackers want to steal and sell. Yet, according to Manta, a resource dedicated to small businesses, 87% of Small to Medium Businesses (SMBs) don’t feel they’re at risk of a data breach.
These businesses, unprepared for a cyberattack, will falter when a breach occurs — and are likely to go out of business as a result. Is your business part of the 87%? If so, it’s time to revamp your security strategy. In order to run your business smarter, you need to run it safely.
As shown in Figure 1, businesses that were breached between April 2016 and April 2017 were likely infiltrated by current and former employees (30% and 26%, respectively) before unknown hackers (23%).
With those kinds of statistics, how can you guard against internal security threats? These four suggestions can help you ensure your environment is better protected:
1. Analyze your security strategy.
Conducting a thorough information security assessment to find weaknesses and potential threat vectors within your business is a good place to start. In addition to pinpointing device and network vulnerabilities, you can classify your data and equipment so that you know which assets should be given the highest priority for security management.
If your company lacks the resources to perform this type of assessment internally, consider partnering with a security managed service provider or an experienced consulting firm to help.
2. Authenticate current users.
Once you’ve screened for risks, implement or upgrade the identity authentication platforms across your network and devices to keep out unwanted users. Requiring current employees to update their login information regularly can help reduce the chance of a hacker getting through.
Either password or touch recognition is especially helpful for companies with a Bring Your Own Device Policy (BYOD). These methods prevent outsiders from accessing business information when an employee loses or misplaces his or her work device.
You also need to make sure your teams are familiar with basic cybersecurity practices: identifying phishing emails, using different passwords between personal and professional accounts, recognizing misleading links, not downloading suspicious software, encrypting files and locking devices when they’re not in use.
3. Ban former employees.
It’s important to ensure all equipment is returned and accounts terminated when workers leave. You’ll also need to update your security system to guarantee they no longer have approved access to your network.
The optimal time frame for such measures is prior to an employee’s exit of the organization. Once a worker walks out of the building for the last time, he or she should not be permitted to access the business’s confidential data sources or store work files in personal cloud storage services.
4. Lock down applications.
It’s not surprising that cloud applications are falling through the cracks during the employee onboarding and off-boarding process. In many companies, the responsibility for provisioning applications falls to different departments.
For example, email is provisioned by IT, payroll apps are managed by human resources and line-of-business apps are handled by department managers. When multiple cloud-based applications are in use, consistent security software running across all of the platforms is needed.
As shown in Figure 2, 26% of businesses surveyed in August 2017 had downloaded security software and applications within the past 30 days to help bolster their defenses, and 22% took other security precautions online.
Malware is increasing in sophistication, and the number of new variants is on the rise. As a result, a growing number of SMB security professionals are leveraging software for privilege management, integrity protection, endpoint execution isolation, and greater visibility and control.
When you implement a security strategy that not only gives current employees the tools needed to prevent data risks, but also ensures former employees can no longer access critical data after they leave, you position your business to grow with confidence.