It's a known fact that companies rely on security solutions to protect their networks. But while outside threats are being dodged left and right, businesses are giving a warm welcome to one of their biggest risks: their employees.
While the Ponemon Institute’s 2016 Cost of Data Breach report found most data breaches were caused by malicious or criminal attacks, 25% were linked to negligent employees or contractors. Not even the federal government is safe. Remember Edward Snowden and Chelsea Manning? The Associated Press discovered employees were to blame for at least half of the federal cyberincidents each year since 2010.
There are three types of employees who can be a company's worst enemy:
These people have good intentions, but they lack a basic understanding about security. They innocently share work-related passwords among co-workers. These employees unknowingly click a link containing malware or a virus in an email or on social media. They accidentally share sensitive data using their personal, unsecure email because a file is too big. These people mistakenly allow loved ones or friends to use their work devices.
These people tend to bite off more than they can chew, inadvertently putting their company's security in jeopardy. These internal threats frequently work after hours, using their personal, unencrypted cell phones, tablets, and/or computers. By removing a device from their workspace, they significantly increase the possibility of losing it or having it stolen. If they work out of the office, they may connect to an unsecured WiFi network.
These disgruntled people want revenge. The majority are former employees, and some say they find it incredibly easy to hack into their former employer's network. These malicious people walk out with company-issued cell phones, computers, and/or other devices. Their corporate accounts weren't suspended. Passwords weren't reset. There is also a possibility they've plotted their revenge for a while, emailing confidential information to a personal account or uploading it all to DropBox.
safeguard your network
The best way to protect your network is to simply educate your employees by offering ongoing training. Your company may also want to consider a Bring Your Own Device (BYOD) policy. Make sure your IT department is keeping the network up to date. Does your team know how many devices are attached to your network at any given time? A Managed Service Provider (MSP) can monitor your IT network for disruptions 24/7/365.