Skip to main content

Insider threats: Not as uncommon as you think

Insider threats: Not as uncommon as you think

When we speak of cybercrime and data theft, we typically think of seasoned cybercriminals. But you’d be surprised to know that the cause of businesses becoming victims of cybercrime is most often their own employees--sometimes on purpose, sometimes inadvertently. Remember Bob from accounting who was let go? Or the new intern who worked for 3 days and never showed up? Yep! They could engage in cybercrime activities to ‘get back at you’. Many businesses have been victims of cyberattacks brought on by disgruntled employees, both current and ex.

No matter who attacks you virtually, whether it is a seasoned cybercriminal or an employee who is simply upset with the kind of coffee your office coffee machine makes, becoming a victim of cybercrime causes you a lot of damage. For starters it erodes the trust your customers have in your brand, it affects your brand negatively. If your data is held ransom, you have no choice, but to pay up the demanded amount of money, there may be legal/regulatory penalties to pay as well and then there are chances of lawsuits that you will have to settle. And, remember, your business won’t be running as usual during this time, resulting in a direct revenue loss as well. So, how do you prevent such internal threats? Here are a few tips.

  1. The first step is to recognize that your own staff can be a threat. Adopt a trust, but verify, approach and take the necessary steps in line with that attitude.
  2. Educate your staff about the dangers lurking online. This will prevent cases where your staff are inadvertently party to the crime. Sharing OTPs, passwords, use of unsecured Wifi networks, leaving devices unsecured, visiting suspicious sites, clicking on phishing links, opening dubious attachments, etc., are all examples of your employees accidentally opening the doors for a cybercriminal.
  3. Conduct sessions on corporate ethics, reinforcing what’s acceptable and what’s not. Also brief your staff on the consequences of unethical virtual behavior such as data theft, hacking or wilful compromise of your network and data security.
  4. Perform surprise audits to check if your IT policies are being adhered to. Take actions against staff found flouting the rules.
  5. Invest in cybersecurity systems such as firewalls, network monitoring tools that identify and alert you on abnormal IT activities, powerful anti-malware programs, role/permission based access management mechanisms.
An MSP specializing in cyber security will be able to help you build a secure IT environment that takes into account all of these and more, so you don’t have to worry about threats to your data.

Comments

Popular posts from this blog

Social media at work what could go wrong?

Social media at work...what could go wrong? As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data. Make someone accountable The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything--from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests. Train your employees Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of the

Do your homework: 3 things to do when looking for an MSP

Do your homework: 3 things to do when looking for an MSP Thinking of hiring a Managed Service Provider, but not sure how to go about it? Here are a few things to do before you zero in on one. Figure out what you have already The first step in a good plan is to figure out where you stand currently. Before you talk to an MSP, conduct an audit of your IT infrastructure to decide what you have currently. List all your hardware and software. When performing this IT audit, don’t forget other technologies that you are using, such as biometric access systems, CCTV systems and even telephone systems. You may think they are irrelevant as they are not directly related to your IT infrastructure, but, in the near future you may want them all to be connected to one another, and so, including them in the audit and inventory right now is a good idea. Figure out what you need This is the next step. After you determine what you already have, the next step is to figure out what you need. What do you wan

Why MSP relationships fail

Why MSP relationships fail A lot of SMBs opt for managed service providers who can help handle their IT requirements, and for the most part, it works well. Almost everyone knows the benefits of having a MSP manage your IT. Increased cost savings, ability to focus on your business without worrying about IT, better IT support and expertise, and so on. But, there are times when the managed IT services model fails, leaving business owners to wonder what went wrong. This blog discusses some key reasons why MSP relationships fail. You didn’t do a reference check Did you just pick the first MSP you found on the Google search? Did you just go by the presentations they gave you, or the information on their website? Always remember to ask your MSP for references. Talk to someone they work with and get feedback. They don’t have enough staff If your MSP is short of staff, they won’t be able to give you the attention you need. One of the biggest advantages of bringing an MSP onboard is having someo