It is hard to believe but true: 95% of all corporate security incidents involve human error. Whether deliberate or accidental, humans are the weakest link in information security.
In fact, internal sources are responsible for 43% of enterprise data loss. US organisations suffered $40 billion in losses from unauthorised use of computers by employees in 2013 alone, and the average organisation experiences 9.3 insider threats every four weeks. Half of the time, however, these incidents of data loss are accidental: employees simply don’t realise that they are unwittingly giving the world access to private company data.
In order to prevent insider threats, it is important to know where they come from. Here are the top 4 ways well-intentioned employees cause data breaches:
Shadow IT Applications
Sometimes a well-meaning employee who is trying to get their work done faster may download software or applications to help, and in doing so expose your company to hackers and malware via vulnerabilities in the software.
Top tip? Ensure that employees are unable to install or download software without an Administrator password.
Sync & share (cloud-based) applications are powerful tools for increasing employee productivity, allowing easy collaboration for remote teams. Unfortunately, sharing data like this has a downside: 28% of employees have uploaded a file containing sensitive data to the cloud. Moreover, a team member might inadvertently delete or corrupt a shared document, causing a major issue if that is the sole copy of the most recent version.
Top tip? Make sure that all your corporate files are backed up, even those in collaborative cloud-based software.
From urgent emails that appear to come from executives requesting large wire transfers, to seemingly friendly phone calls from hackers posing as corporate IT staff, social engineering, as it is called, is on the rise at organisations of all sizes.
Top tip? Make sure you educate your staff on the most common ways hackers use social engineering to elicit sensitive data. New starter initiation and annual reviews serve as good times to educate and remind. Or get your IT company to do a presentation for employees on potential social engineering threats.
What appears to be innocuous password sharing can result in significant data loss. Employees often share passwords with co-workers or post their network passwords at their workstations, unintentionally allowing others to access the system using their credentials.
Top tip? Ensure that your IT company or IT manager informs each employee of the dangers of password sharing when they are issued log-in credentials. Placing reminder posters in the kitchen and even toilets can help ensure staff remain vigilant.
BTA is a London-based IT service provider specialising in corporate security, data back-up and business continuity. Using best of breed vendors and in-house expertise, BTA is able to deliver the latest technology in solutions that ensure your business isn’t undermined by an accidental breach or expert hacker. For more information on IT services from BTA, please email the IT company at firstname.lastname@example.org today.