Employees - The Insider Threat
Employees are a threat that very few organisations account for. As business owners and decision makers we like to be able to trust our employees to complete their assigned work and contribute to the achievement of business goals.
However, there are situations in many organisations where some of these trusted employees become an organisational threat. It would be unfair to say that these employees know that they have become a threat, as sometimes innocent mistakes, rooted in lack of security training, can lead to financial and reputational damage. The types of employees that pose security risks can be categorised into the following:
Malicious Users – These people purposefully delete, override, expose and steal valuable data with the intent of harming the business, often for personal gain.
Lazy Techies – Does not enable or use basic security settings, such as 2FA (2 Factor Authentication) so accounts are hacked and data is stolen. Even worse if this happens in an admin account due to unrestricted access and it often takes a very long time for organisation’s to realise that it has happened.
Fool’s Gold – Victims of phishing or spear-phishing tactics. I.e. they receive an email from the CEO asking for a transfer of money into a specific account or for bank information. Naively the employee replies with the information, thinking that the initial email was genuine.
Lock Smiths – An employee with privileged access rights that exfiltrates the data with malicious intent.
Big Talkers – Unhappy, often ex-employees, that contact the media and reveal your growth plans, confidential information and intellectual property.
Scatter Brains – Employees that download unapproved “updates” and software that contains malware, which injects it into the system. This can cause a great deal of damage until it is uncovered and remediated by the IT team.
So how can you mitigate these risks?
Honestly, it can be extremely difficult to mitigate these risks. However, the development of policies, cyber security education and restricting access are three ways that you can begin. There are also a number of systems and software solutions that can assist you.
Eventura have a wealth of experience in educating employees and reducing the internal threats that many businesses face. As a member of the North West Cyber Security Cluster, the Cyber Exchange and having been accredited as a Cyber Essential Plus organisation, you can rest assured that you are in good hands.