Skip to main content

Insider threats: Not as uncommon as you think

Insider threats: Not as uncommon as you think

When we speak of cybercrime and data theft, we typically think of seasoned cybercriminals. But you’d be surprised to know that the cause of businesses becoming victims of cybercrime is most often their own employees--sometimes on purpose, sometimes inadvertently. Remember Bob from accounting who was let go? Or the new intern who worked for 3 days and never showed up? Yep! They could engage in cybercrime activities to ‘get back at you’. Many businesses have been victims of cyberattacks brought on by disgruntled employees, both current and ex.

No matter who attacks you virtually, whether it is a seasoned cybercriminal or an employee who is simply upset with the kind of coffee your office coffee machine makes, becoming a victim of cybercrime causes you a lot of damage. For starters it erodes the trust your customers have in your brand, it affects your brand negatively. If your data is held ransom, you have no choice, but to pay up the demanded amount of money, there may be legal/regulatory penalties to pay as well and then there are chances of lawsuits that you will have to settle. And, remember, your business won’t be running as usual during this time, resulting in a direct revenue loss as well. So, how do you prevent such internal threats? Here are a few tips.

  1. The first step is to recognize that your own staff can be a threat. Adopt a trust, but verify, approach and take the necessary steps in line with that attitude.
  2. Educate your staff about the dangers lurking online. This will prevent cases where your staff are inadvertently party to the crime. Sharing OTPs, passwords, use of unsecured Wifi networks, leaving devices unsecured, visiting suspicious sites, clicking on phishing links, opening dubious attachments, etc., are all examples of your employees accidentally opening the doors for a cybercriminal.
  3. Conduct sessions on corporate ethics, reinforcing what’s acceptable and what’s not. Also brief your staff on the consequences of unethical virtual behavior such as data theft, hacking or wilful compromise of your network and data security.
  4. Perform surprise audits to check if your IT policies are being adhered to. Take actions against staff found flouting the rules.
  5. Invest in cybersecurity systems such as firewalls, network monitoring tools that identify and alert you on abnormal IT activities, powerful anti-malware programs, role/permission based access management mechanisms.
An MSP specializing in cyber security will be able to help you build a secure IT environment that takes into account all of these and more, so you don’t have to worry about threats to your data.

Comments

Popular posts from this blog

How the Coronavirus crisis is the gateway to the other kind of virus

How the Coronavirus crisis is the gateway to the other kind of virus To say the COVID-19 pandemic gave the whole world a tough time would be an understatement. Economies collapsed, joblessness rose, people lost their loved ones and livelihoods to the disease. Adding to this situation was the need for social distancing and self-isolation which took a toll on mental health of millions across the world. 10 months into the pandemic or perhaps even before, people started growing tired of it and just when it seemed like humankind will give up collectively, there was a light at the end of the tunnel--Vaccines. While the news of the first vaccine being approved and then administered in December 2020, was a huge victory for humankind and rightly welcomed with claps and cheers, cybercriminals were cheering too. For cybercriminals, this was a great opportunity to exploit the eager, mentally fatigued and vulnerable populace. Emails were sent with phishing links disguised as genuine which urged the

Data security in the ‘Work-from-home’ environment

Data security in the ‘Work-from-home’ environment 2020 threw a lot of challenges at the world. One of them, from the business perspective, that overshadowed the others was cybersecurity. How to ensure data safety and security in an environment where businesses can’t really control what employees do even during work hours? With the world almost a year into the pandemic, new best practices emerged that will be in use not just during the pandemic, but probably also in the future, post-pandemic era. Because the trend of working from home now seems to be here to stay. This blog will discuss some best practices for data security that can be deployed when working remotely. If you can provide your employees with a computer that they will solely access for work, then that solves the majority of the issues. When employees use their own devices for accessing work data, the risk of a security breach is higher as businesses don’t have any control over staff’s personal devices. Your employee’s com

WFH is here to stay Are you ready?

WFH is here to stay. Are you ready? The year 2020 was nothing like what we had seen before. At a certain point in time, it felt like the world would come to a standstill. With lockdowns and travel restrictions imposed across the world, businesses were pushed into a ‘new normal’. One of the things that was a part of the ‘new normal’, was working from home. This WFH set up brought along with it multiple challenges, especially to those organizations which weren’t into this model already. Accessing critical work information, carrying out meetings on Zoom, attending conferences remotely and even setting up trade show booths online, were all new concepts. While the pandemic may be temporary, one thing is certain--the remote work culture is not. WFH existed even before the Coronavirus pandemic. There were a sizable number of companies--primarily in the IT industry that routinely hired remote workforce. Freelancers operated remotely too for the most part. However, the pandemic forced every com