October 27, 2017
Cybersecurity Threats Within Your Organization
We are all aware of cybersecurity threats from anonymous persons outside our organization, but have you thought about threats from within your organization? Does your security training include implementing steps to minimize the threats from within? Below are a few examples of inside threats to consider and include in your security awareness program and processes.
1. The lazy or disgruntled employee
How easy is it for your employees to access and share information such as personally identifiable information or company confidential data? For example, can they download any data (regardless of confidentiality status) to a thumb drive or share it in other ways with employees outside of your organization? Are employees using simple passwords or sharing passwords? Any of these can lead to a leak of confidential information or an attack on your system.
2. The new employee
As the search and need for skilled Information Technology personnel continue to grow, you need to ensure your organization continues to follow stringent controls during the hiring process. Running background checks including criminal and financial history, talking to former employers, and verifying education and references all take time and cost money; however, the cost of hiring an employee who either knowingly or unknowingly causes a cybersecurity attack is even greater. Vigilance in hiring is a key to preventing an attack.
3. Bring Your Own Device to Work
Most employees bring their own devices to work or work offsite, logging in through public WiFi with a VPN or hotspot. To ensure the company’s data is kept confidential and not open to other public WiFi users, it should be maintained in a secure environment with access controls. Your company also needs a strong security policy to make sure employees understand the risks of storing data on their personal devices, including requiring data encryption for (at minimum) confidential files.
Don Cornish is the Chief Information Security Officer for Dewpoint. He has an extensive background in IT security architecture and consulting based on his experience for a leading national and global organization. Don has security and compliance consulting experience addressing multinational business entities as well as the small to medium business segments. In addition, he is a Certified Information Systems Security Professional (CISSP).