Many might think of cyber threats as external, where vicious criminals try to break down a company’s security defence. But have you ever considered that cyber threats might come from inside the company as well? For the vehicle company MNH Platinum, cyber threats became a reality in February when an unaware employee opened an attached link by mistake. In a matter of seconds, the virus within the link spread and threatened the entire existence of the company, and this is far from an isolated case. As the rate of security breaches continues to increase, data security and employees’ unawareness of it have never been more important.
Threats from the inside
Today, the American technology company Symantec has estimated that five out of six large companies have suffered from a security breach, and cybercriminals are only getting faster, sneakier and more creative by the day. It would be rational to blame security breaches entirely on the cybercriminals, but the fact is that without unaware employees inside the company, a large part of security breaches would never have happened.
The latest Security Breach Investigation Report by Verizon shows that 95% of security breaches can be divided into nine breach patterns, and within these nine patterns, four of the top five most common breaches have a direct connection to employees’ unaware behaviour. This includes bad choice of passwords, sensitive messages sent to the wrong person, being tricked into clicking on a phishing email, and physical loss of information.
The security dilemma
So, why do companies not just start setting up security policies for their employees? Maybe because it is not as easy as it sounds. Carl S. Young, who is a former senior executive in the FBI and Global Head of Security Technology at Goldman Sachs, explains that he has experienced an inverse relation between security and inconvenience, which leads employees to develop an unaware behaviour towards security. This means that the more rules companies set up for their employees, the less convenient it is for them to get work done, as they will have to change passwords, be extra careful when opening an email or double-check the recipient. It is clear that as long as employees are not willing to accept inconvenience, this has a direct negative effect on security. So what do companies do to prevent their employees from being more of a threat than a safeguard?
Educate the employees
In order to find a solution, it is important for companies to make their employees take data security seriously and accept inconvenient security policies. They have to understand the reality of the threat and what kind of data damage cybercriminals can actually cause. This can only be done by educating the employees and teaching them to be more aware of the shared responsibility within the company when interacting with systems that need to be protected.
In most cases, the IT department takes on the task of educating the rest of the employees on how to behave, because of its knowledge of IT and technology. But not every company has this privilege, due to the size of the company or lack of resources. Such companies are instead in need of a different solution! Nordic IT has created an IT Management service with the purpose of helping companies with any given technological issue, especially regarding data security. The service team behind it provides customers with advice and guidance on every aspect of securing data, ranging from showing possible pitfalls to educating them on how to handle different kinds of files, as well as spotting the red flags that show when an email should be handled with extra precautions. That means that companies can minimise the risk of a security breach by using Nordic IT’s IT Management service.
TO SUM UP: Cybercriminals are no longer the only threat to security. Instead we see another threat: employees and their unawareness. This unawareness is good news for cybercriminals, but bad news for data security. To prevent data breaches, employees must learn to understand the gravity of their actions, they must be educated, and they must understand, accept and follow the security policies to keep companies’ data safe. However, it would be naive to think that companies will ever be fully guarded against cybercriminals or security breaches, which is why companies can only do their best to reduce the risk of ending up as victims by stepping up and creating a safeguard from the inside.