Before you even begin to address the dark world of cybercrime or sponsored attacks plotting to compromise your IT systems, you should first remember that cyber security begins at home. By home, I mean the business owners, their senior managers, their staff and their third party contractors.
It is a salient point that security breaches by staff or third party contractors – whether malicious or accidental – are one of the largest sources of cyber-attacks on an organisation’s systems. And cyber criminals will seek out the weak points in your organisation as these present the easiest opportunities for attack.
How can I ensure my systems are safe from within?
Before we look at solutions, we must understand the various ways in which employees and contractors can be responsible for security breaches.
Careless employees – Obvious examples of careless behaviour include: staff who use weak passwords, staff who surf unauthorised websites and staff who click on links or open attachments in suspicious emails. Then there are staff who don’t take proper care of their personal or company devices.
Vengeful ex-employees – This happens more than you might think as ex-employees believe they won’t be caught. This is especially so if they had access to systems, networks and databases with privileged passwords.
BYOD (Bring Your Own Device) – The fact that a firm’s information is shared to or copied onto personal devices creates an inherent risk of theft. Passwords on personal devices are often weaker than those used at the workplace, making them vulnerable to hacking.
Unauthorised devices on the network – Many employees don’t think twice about connecting their own devices to the company IT infrastructure. This can facilitate the introduction of malware into the organisation’s systems, or provide an entry point for a hacker.
Third party service providers – Service providers are often an important part of your extended team but can pose a risk if their security practices are not as rigorous as your own. It is not unusual for contractors to use a single or shared password for all their employees – and often the password is kept weak to make things easier for new staff.
This makes the potential theft of login details relatively simple – often simply by guessing.
Continue to find out what seven steps can minimise the risk of insider threats.