In 2021, most SMBs are at least somewhat familiar with threats coming from the outside, such as ransomware, phishing scams, and denial of service attacks. However, they seldom have the same awareness of threats coming from the inside.
When they do, they typically associate the so-called insider threats with disgruntled ex-employees seeking revenge. In reality, 71 percent of insider threats are unintentional, which only makes them that much harder to detect and prevent.
You could, of course, choose to ignore the problem because you have faith in your employees’ ability to recognize and avoid common cyber threats, but that could be a very costly decision. It turns out that unintentional insider threats account for around 25 percent of data breaches, and we don’t need to remind you why their prevention should be your top priority.
Instead of simply hoping that your employees won’t unintentionally put your company at risk, you should become familiar with the riskiest behaviors most employees engage in every day and strengthen your defenses accordingly.
Threat #1: Falling Victim to Phishing Attacks
Despite their simple premise, phishing and other social engineering attacks are the biggest cyber threat today. According to Avanan’s phishing statistics, every employee is, on average, targeted by nearly five phishing emails during a five-day workweek, and it takes just one bad decision for attackers to achieve their shameful goal.
Protection against phishing attacks can start with effective email filtering, but it mustn’t end there. Why? Because email filtering can create a false sense of security and make employees feel that every email message they receive can be trusted. Employees must also receive cybersecurity awareness training so they can recognize the telltale signs of phishing scams.
Threat #2: Unsafe Web Browsing
If the web were an ocean, it would be full of hungry sharks, poisonous jellyfish, and pirates with automatic rifles. The problem is that many employees regularly swim in this ocean with the same relaxed attitude as if they were swimming in their backyard pool, downloading potentially infected files, visiting websites with inappropriate content, and posting personal information on social media websites.
To discourage unsafe web browsing, you need to put together an internet usage policy. The purpose of an internet usage policy is to provide employees with rules and guidelines about what is deemed to be appropriate internet browsing behavior in the workplace. You should also consider using employee monitoring software to detect unsafe web browsing before it results in a costly cybersecurity incident.
Threat #3: Ignoring Password Best Practices
It’s no wonder that employees often ignore or are unaware of password best practices. After all, regular password changes and complex password strength requirements were the norm not that long ago. Even so, frequent password reuse and insecure password sharing and storage are real problems that affect countless organizations every year because they make it easy for cybercriminals to gain access to protected systems and data.
Employees should be regularly reminded of password best practices through cybersecurity awareness training, but they also need to be equipped with tools that make it easier for them to create and use strong passwords. More specifically, they should have access to a secure password manager capable of generating strong, random passwords and keeping them locked in an encrypted vault until they’re needed.
Threat #4: Not Installing System and Application Updates
It may surprise you to learn that 60 percent of all breaches are caused by unpatched vulnerabilities. The number will likely become even higher as more and more organizations embrace remote work as the new default way of doing business. Remote employees often use a mix of personal and work devices, many of which may be completely invisible to IT departments. Such devices are attractive targets because employees often neglect to install available updates, making them vulnerable to hacking attempts.
Unpatched devices and software applications go hand in hand with the proliferation of shadow IT (the use of information technology systems, devices, software, applications, and services without explicit IT department approval), so that’s where you should focus your attention first. From there, you can implement a patch management policy and take advantage of automated patch management tools.
Threat #5: Storing and Transferring Data in an Unsecure Manner
Sensitive data must be stored in a secure manner—that’s obvious. What’s not so obvious is that employees and cybersecurity professionals don’t always have the same level of security in mind. For example, an employee may think that it’s perfectly fine to store work-related files in a personal cloud as long as the files are protected by two-factor authentication. Or a team may see nothing wrong with using their instant messaging service of choice to share sensitive documents because the service uses robust encryption.
Such well-intended actions often have grave consequences because employees sometimes overestimate their ability to keep cyber threats at bay or are not fully aware of them in the first place. That’s why employees should be reminded to use only approved storage and data transfer solutions. It’s also a good idea to teach employees how they can encrypt individual files as well as entire storage devices and computers so they can take their data security to the next level.
Prevent Your Employees from Putting Your Company at Risk
It wouldn’t be an exaggeration to say that the biggest danger lies inside your own organization, and this danger is called the insider threat.
To defend yourself against it, you must familiarize yourself with the most common ways well-meaning employees sometimes cause expensive data breaches and strengthen your defenses accordingly.
If your resources and IT expertise are limited, then a partnership with a provider of managed IT services such as us at Aligned Technology Solutions can be the best way to prevent your employees from putting your company at risk without losing focus on your core objectives.
Get in touch with us and let your cybersecurity worries be our concern.