Insider threats contribute to a significant number of data breaches. These cases of data exposure are enabled by a member of your staff, whether they intended to harm your business or simply made an honest mistake. With so much focus directed toward the threats out in the world, sometimes we forget that the biggest dangers can be among our ranks. To make up for this, we’ll discuss a few ways to keep insider threats from doing your business too much harm.
As we begin, let’s refer to some stats that were drawn from a Forrester Research study.
- Insider threats cause 40% of data breaches.
- 26% of these data breaches are malicious.
- Accidents and general use cause 56% of these breaches.
Clearly, simple mistakes contribute the most to data breaches. To prepare for these circumstances, let’s examine some of the most common errors made by end users.
Misplacing Devices while Traveling
Most workers have some sort of commute to look forward to as they go to and from the office, and business often requires an employee to travel on behalf of the company. This creates an opportunity, should the employee have a work device with them, for that device to be lost--left at airport security or in the backseat of an Uber--or stolen. Remind your employees how easily such devices can disappear, and that they need to be cognizant of them as they are traveling.
Using Unfamiliar Flash Drives
Flash drives are everywhere these days, which isn’t necessarily a good thing for your business. While many are harmless, the little storage devices can easily be converted into a vehicle for malware. If this is the case, once the USB drive is plugged in, the workstation and quite possibly your entire network could be infected. While this doesn’t mean that flash drives should be forbidden from your office, you should mandate that IT takes a look at them all before they are used.
Letting Devices Connect Willy-Nilly
Chances are almost everybody in your office has a smartphone, along with a laptop and various other devices that all utilize an Internet connection--which means that potential points of access to your network have increased considerably. To counter this, you need to put a Bring Your Own Device (or BYOD) policy in place that protects both your employees and your business. Utilizing a comprehensive mobile device management platform, a BYOD policy will dictate what control you have over user access and data transmission using employee and customer mobile devices.
Being Careless With Company Information
Back in World War II, there was a propaganda campaign by the United States Office of War Information warning citizens against the possibility of providing enemy spies with information: “Loose lips sink ships.” The same can be said of most business operations. Seemingly innocuous choices, like using a personal email account for business purposes, could potentially lead to a data leak. Personal email simply doesn’t have the same protections as business-class email does--and that’s just one example of how your data could be left vulnerable through employee negligence.
If your organization has difficulties with your end users making mistakes, reach out to us for help. Call Directive at 607.433.2200 for more information.