In very recent news, Twitter experienced a massive hack that compromised well-known verified celebrity accounts like those of Barack Obama and Warren Buffett. A source suggested that this cyber attack came from an internal threat. Whether it was an individual willing to sabotage the company or the result of an error, it highlights how important it is for organizations to control which users have access to valuable information and to put measures in place to prevent internal threats.
According to IBM’s 2015 Cyber Security Intelligence Index report, 55% of all attacks were carried out by either malicious insiders or inadvertent actors. Human error is almost always a factor in breaches, as 95% of all breaches involved someone making a mistake. The threats come from any level in an organization, and higher-level employees with more access are often a bigger threat. Such mistakes can mean accidentally posting information on the company’s public-facing website, sending information to the wrong party via email, fax, or mail, or improperly disposing of clients’ records. This is where employee training on cyber security becomes extremely valuable.
Consider these tips to reduce the occurrence of an internal cyber threat:
- Audit employee access levels and adjust them accordingly and frequently.
- Monitor employee activity and use applications designed for anomaly detection.
- Change passwords regularly and immediately after an employee leaves the company. (Every user’s access should be managed throughout his or her entire employment, and not just when he or she leaves the company.)
- Implement multi-factor authentication on accounts such as user mail and servers.
- Regularly train employees on security best practices.
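As an added illustration (not part of the original article), the following sketch shows what a recurring access audit covering several of these tips can look like: it compares an account export against an HR roster and flags accounts left active after a departure, access beyond a role's baseline, missing multi-factor authentication, and old passwords. All user names, roles, permission names, and the 90-day password age are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption): an HR roster and an account export.
ROSTER = {
    "alice": {"role": "support", "left": None},
    "bob": {"role": "engineer", "left": date(2020, 6, 30)},
    "carol": {"role": "finance", "left": None},
}
# Hypothetical per-role baseline of permitted access.
BASELINE = {
    "support": {"mail", "tickets"},
    "engineer": {"mail", "source", "servers"},
    "finance": {"mail", "ledger"},
}
ACCOUNTS = [
    {"user": "alice", "perms": {"mail", "tickets", "admin_panel"}, "mfa": True,
     "password_changed": date(2020, 7, 1)},
    {"user": "bob", "perms": {"mail", "source"}, "mfa": True,
     "password_changed": date(2020, 5, 1)},
    {"user": "carol", "perms": {"mail", "ledger"}, "mfa": False,
     "password_changed": date(2019, 1, 15)},
    {"user": "svc_backup", "perms": {"servers"}, "mfa": False,
     "password_changed": date(2018, 3, 9)},
]

def audit(accounts, roster, baseline, today, max_password_age_days=90):
    """Return a sorted list of (user, finding) tuples for human review."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        if person is None:  # account with no owner on the roster
            findings.append((user, "no matching employee record"))
            continue
        if person["left"] is not None and person["left"] <= today:
            findings.append((user, "account still active after departure"))
            continue
        # Access the role baseline does not justify.
        extra = acct["perms"] - baseline.get(person["role"], set())
        if extra:
            findings.append((user, "access beyond role: " + ", ".join(sorted(extra))))
        if not acct["mfa"]:
            findings.append((user, "multi-factor authentication not enabled"))
        if (today - acct["password_changed"]).days > max_password_age_days:
            findings.append((user, "password older than %d days" % max_password_age_days))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, ROSTER, BASELINE, date(2020, 7, 20)):
        print(f"{user}: {finding}")
```

Run on a schedule against real exports, the findings list becomes the worklist for the access review rather than a one-time cleanup.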
Ultimately, it is difficult to completely avoid an internal cyber attack, but preventative practices and education on the topic are key. Building trust with your employees and having constant open dialogue on the importance of security is a plus.
If your company is concerned with who might have access to your files, folders and network drives, call us at 780-701-1838 or email our team to learn more about how we can assist you to make sure your IT security is aligned with our IT best practices.