Organizations and individuals are now taking online security seriously. A large percentage are on the lookout for external malicious attackers. Well done! There is just one tiny detail we overlook that can turn out to be more lethal than external attackers: insider threats.
Insider threats are often thought of as angry employees or employees who have just been fired. I’m not saying that you should disregard them, but there is more… Existing employees, contractors, associates, partners and any other person with access to information can be a threat. Further, not all incidents are malicious; one can unknowingly leak private information. What are the possible situations?
- Outgoing employees: I mean the ones leaving the company, not the friendly and socially confident employees; don’t get me wrong. A friend of mine, a while back, fired an employee who left with the entire client list and used the list to try and divert clients to his new company.
- Moles: This can be one of the most trusted employees, with an ill motive of stealing information or sharing plans and data with competitors, etc. Their motivation could be monetary, extending favours to friends or relatives, etc.
- Angry employees: This one is probably obvious to many, and many might have fallen victim to angry employees leaking confidential data. This has happened especially when a promotion or award has been given to a junior colleague, passing over a senior one.
- Untrained/unskilled employees: It is vital for companies to train employees on how to handle intellectual property and company information, and on the situations that can result in them leaking data to unauthorized people.
- Carelessness: For instance, a trained employee opens a suspicious email out of malice or curiosity and gets phished, or infects his email with malware that ultimately spreads to other colleagues.
With that in mind, what can you do?
- Limit access. Don’t give access privileges to just anyone. In fact, limit the privileges to only what an employee needs to perform their tasks.
- Awareness training. Train your employees and give refresher training on data security.
- Termination of employees. Make sure that when one leaves the company, whether fired or for other reasons, they are deprived of all access immediately, including passwords.
- Have non-disclosure policies that can help you sue anyone who is in breach of contract in the event that intellectual property is stolen.
- Ensure you have a backup of your data such as emails and website files that can be restored in the event they are maliciously deleted. (We offer backup for websites and emails. Some of our plans also have a FREE guaranteed backup plan.)
- Check for system vulnerabilities. Do an assessment to check whether there are any loopholes in your system.
- Ensure there are secure passwords and access details for any information you consider private. The passwords should also be strong and regularly changed.