Sometimes the Greatest Risk Comes from the Inside
Cybersecurity continues to be an issue that dominates the news. Much has been made of the cyber-risk US companies face from foreign countries and outsiders. However, Bloomberg recently reported that “US companies and organizations suffered $40 billion in losses from unauthorized use of computers by employees last year.” In fact, the FBI has now issued a warning regarding the rise in hacking by current and former employees.
It stands to reason that employees can pose one of the biggest cyber-threats to corporations. Employees have access to sensitive information, passwords and data, and they can use cloud storage or personal email accounts to transfer sensitive information. While companies are working to protect themselves from outside hackers accessing their information, they must also ensure that they are protecting themselves from internal threats.
The question is: how can a company protect itself from internal threats while still allowing employees access to sensitive information when necessary? It’s a delicate balance, and here are some suggestions.
- Identify and evaluate who has access to confidential or sensitive information. Is it essential to the employee’s daily job function? Access should be on a need-to-know basis only. If an employee needs temporary access, make sure it’s temporary.
- Change passwords regularly.
- Establish policies regarding personal email and personal devices. Many companies restrict access to personal email on company devices, and this can be an effective way to minimize risk. Also consider policies surrounding the use of personal devices, as this is another opportunity for employees to transfer data.
- Terminate the rights of all former employees. This could be the greatest risk – a disgruntled former employee accessing company data. Once an employee leaves, immediately terminate all access rights and change all necessary passwords.
Companies must find a way to allow employees to access the information necessary to do their jobs while closely monitoring how that information is being used, transferred, and shared.
Make sure you know who has access to your information today before you find yourself the victim of an insider cyber breach tomorrow.