Is your company safe?
When we think of data breaches, the image that often comes to mind is a foreign entity acting with malicious intent. Stories continue to dominate the news of cities and businesses falling victim to the ever growing threat of ransomware. Where are those cyber threats located? Research suggests they could be at the desk next to you.
In a survey of over 1,000 information security leaders, the 2019 Global Data Exposure Report, conducted by Code42, found that 69% of organizations said their breaches came from inside. Some actors were malicious while others were simply careless.
They didn’t mean to
It isn’t just lower level employees putting company data at risk. According to the Code42 research survey, 78% of CSOs and 65% of CEOs admit to clicking links they shouldn’t have. That’s a staggering number.
Last week I spoke with an IT professional who has a “repeat offenders” list at his office. These are employees known for opening anything sent to them. They click links, download files, and go to unprotected websites despite the protestations of the IT department.
Even with increased security training, these employees are still a threat to their company’s safety. They’re now on a list of people who have more blocked on their machines than those who use common sense security processes.
Going back to the Code42 survey, departing employees, even those leaving amicably, can pose a risk. The survey found 63% of departing employees admitted to taking data with them. This can include anything from client lists to source code and can be damaging to a company.
The mass exodus
63% of exiting employees may not sound as big as it is unless you consider the fact that over 40 million Americans left their jobs last year. Our work culture no longer involves being hired for a company and working there until retirement. Employees are likely to jump ship well before the 5 year mark.
With this mass exodus of employees from company to company, the idea that they’re taking and bringing data means much more is being shared than should. This culture isn’t likely to slow down any time soon. The solution is to safe guard company and customer data more closely than previously done.
One feature that PC Matic Pro offers to help combat this is a USB blocker. An administrator can stop any outside device from being connected to the machine via USB port to transfer data. It’s protections like these that are lacking in current security suites used by businesses.
And not all employees transferring data are acting maliciously. There’s a general lack of understanding of intellectual property and who it belongs to within an organization. It’s up to employers to make that clear to both incoming and outgoing staff. Anything created for the company belongs to the company, not the individual creating it.
Those who mean to do harm
On the flip side, there are employees, both exiting and current, that are looking to do harm. In some research I did on ransomware trends, I found that there are programs for purchase on the dark web that will hold your hand through the creation and deployment of ransomware and malware. You don’t have to be tech savvy to launch an attack.
Even without the creation of malware, some disgruntled employees have permissions they shouldn’t have. Most companies are empowering their employees to work and create, which is wonderful (have you ever had a micromanaging boss? I have, it’s awful, and the reason why I scooted out of that place quickly.) Without the proper security measures in place, however, the company is leaving itself open to theft and attack.
What to do
In the end, company security comes down to vigilance and diligence. Creating a company culture of empowering, educating, and respecting employees can go a long way toward making them feel ownership of the company’s security. Most employees want to do a good job and want to provide their company with excellent work. When they feel trusted and empowered, they’re more likely to exude those positive, security minded traits.
And for those who aren’t the most altruistically minded, setting up a system of security protocols with checks and balances can help protect the company. At the end of the day, a well protected company is job security for us all.