Most employees and business partners are honest, loyal, and committed to doing a great job. Yet insider threats remain among the most significant security threats businesses face today. Whether intentional (an employee steals and sells your customer data because they’re mad they didn’t get a raise) or unintentional (a hacker used social engineering to trick them into forking over a password), most data breaches today begin with insider threats — threats from your own employees, partners, or vendors.
Between hackers and cyber terrorists, angry ex-workers and clueless vendors, what does it take to keep your data safe in this age? Here are essential strategies for preventing data breaches.
Dealing with angry employees is only a small part of the problem when it comes to protecting your data against insider threats. Smart hiring practices, rigorous screening during the hiring process, and regular monitoring of your systems and users are essential. But most data breaches caused by employees are unintentional. Ignorance is as dangerous as malice. Invest in regular employee training, including education on:
Have IT use access levels to grant access to systems and data on an as-needed basis. This protects the employee, as well as your business, because they can’t lose what they don’t have access to.
Ideally, all workers put in a 2-week notice, giving your IT team ample time to scrape sensitive data off their mobile devices, shut down all their user access privileges, and erase all the data on their work PC. In real life, employees just don’t show up one day, or they have a fatal car accident and you have no idea where their phone and laptop wound up, or their stepson with a drug addiction makes off with their work notebook and all their access codes. IT needs a way to wipe data from all accounts and devices, even if the worker and/or their work devices aren’t physically available.
Though insider threats remain a top concern, smart businesses are also prepared for the outsider attack, either via brute force, persistent attack (DDoS), social engineering, backdoor threats and zero-day attacks, or other threats. Today’s hackers aren’t necessarily super-geniuses. Hacking tools are available on the Dark Net that give even newbies and those with less-than-stellar hacking skills the ability to hack into fairly well-protected systems. Cyber security begins with a strong, current anti-malware software package, but that’s just one element of a multi-layered IT security system. Here’s what every business needs:
Having only your own IT team conduct risk assessments is like getting your teenager to guard your car keys. It’s human nature to overlook one’s own mistakes, to downplay weaknesses, or simply to excuse lapses in security as acceptable. A risk assessment by an outside agency assures the process is thorough and unbiased. Plus, your IT folks are probably specialists in other things, like network administration, systems design, and software development. Professional risk assessment teams have training and experience in cyber security.
No business is an island unto itself. It takes a network of vendors, suppliers, and partners to get things done today. It’s convenient and efficient to grant system access to third-party vendors and partners so they can keep orders updated, check order statuses, and handle payments. Do your vendors and partners have the same rigorous hiring and training practices that you employ? What’s the difference between their employees going rogue and stealing data, or falling for a phishing scam, and one of your own employees doing so? Ensure that your vendors, partners, and contractors follow the same careful security procedures as your business does. Otherwise, don’t allow them access to your sensitive systems.
It’s a scary world out there, especially for unguarded data. According to recent research by IBM, every stolen record costs your business an average of $158, and the average breach costs companies $4 million. This is 29 percent higher than the cost of a data breach just four years ago. Is your business protected from data breaches?