Is Your Staff Holding Up Their End on Security?
It seems as though every business is depending more and more on its IT. This means that employees have more exposure to IT systems. Unfortunately, that relationship is where the majority of your problems will come from. The fact is that any business that has built a strong security policy has the solutions in place to keep direct infiltration from happening. Hackers have to find another way.
To make this happen, scammers create and send billions of phishing emails (and other messages) each day. Some of them will inevitably hit your company’s email. Even if you use the built-in firewall, the vast majority of them will be sent to spam. If you’ve outfitted your system with an enterprise spam blocker, your staff will see even fewer. Unfortunately, however, eventually one will make its way into an inbox. Sometimes the person is targeted directly and sometimes it’s just misfortune, but regardless of the variables surrounding these messages, interacting with one will very likely be problematic for your business.
This is why you spend so much time and money developing procedures, training your staff, and testing their aptitude: to be confident that they know what to do if they encounter problematic situations. Sometimes the attacks are very complex, but more often than not, all it takes is decoding, discarding, and reporting a hazardous message for them to be an actual hero. If your staff is highly trained, it will become just another part of their job. That’s the goal.
Of course, that’s not always the case. In fact, in one study, 77 percent of IT professionals feel as though their companies are unprepared to confront today’s most prevalent security challenges. That number has to scare you a little bit. Fortunately for business owners, IT professionals are notoriously pessimistic about the ability of people to make the right choices. The truth is that breaches do happen and they can be separated into three categories: mistakes, negligence, and sabotage.
If you are going to be a company that is prepared for the threats that are going to come your way, you need to understand the difference.
Mistakes happen. They always have and they always will. People who are normally diligent, hardworking, and good at their jobs can make a decision that is simply wrong. As we mentioned earlier, there are literally billions of phishing emails sent per day, and it’s not out of the realm of possibility that you, your best employees, even your IT provider can mistakenly click on a link that opens up Pandora's box. If someone makes a mistake, immediately reports it, and it’s obvious there was no malice behind it, it’s really hard to come down on that individual too harshly. A mistake is a mistake, after all. You will want to retrain that person and test them to ensure that they understand what their responsibilities are, but ultimately isolated incidents should be met with understanding.
On the other hand, if an employee continues to make mistakes regularly, it’s probably a matter of negligence. Obviously, negligent behavior shows that the employee is indifferent to the rules set forth by the decision makers and is a problem when it comes to organizational network security. An employee who doesn’t take his/her training seriously probably isn’t taking many other aspects of his/her job seriously, either. Negligence is the cause of a majority of the cybersecurity problems that businesses are forced to confront, and cannot be allowed to undermine the organization.
Sometimes work relationships fail. There are a plethora of reasons why this happens, but most people have run into problems with a coworker, direct supervisor, or employer at some point in their work history. Sometimes the relationship gets so tainted that one party will look to undermine the other. Sabotage is when a current or former employee deliberately undermines the continuity of a business. Sabotage is criminal and purposeful. It can be something as simple as deleting files from a project or smashing company property, and it can be as complex as embezzlement and selling trade secrets to the competition. Most sabotage happens as a result of a work relationship that has turned sour. Unfortunately, if the saboteur still works for your company, you may not be able to catch him/her before it’s too late, but many of them are disgruntled ex-employees who for whatever reason still have access to company systems. For this reason, it is important that as soon as someone is let go or leaves the company, their access to company resources is eliminated. Someone who knows where things are on your business’ network can really do a number on it. Avoid that fate by closing that door.
Cybersecurity is a complex issue with many facets. Make sure your business has all the resources it needs to protect your digital assets. Call the IT experts at Directive today at 607.433.2200 to learn more.