Educate yourself to reduce security threats.
Who needs hackers or malicious insiders?! You can do just as much damage all by yourself!
We’ve been saying it for years, and once again, a major security threat report confirms it: nearly 20% of all security breaches stem from improper employee behavior.
According to Verizon’s 2016 Data Breach Investigations Report, 10,489 total insider-related incidents were discovered during the previous year, with 172 of those incidents resulting in full data disclosure. These breaches are the result of insider actions that span the accidental exposure of private data to the careless loss of hardware.
Breaches also happen when users are granted inappropriate levels of permission to access sensitive company resources. The Verizon report says that among the actors perpetrating these crimes, “almost one third were found to be end users who have access to sensitive data as a requirement to do their jobs.” Privileged users, with administrative rights can pose as much of a threat as external hackers. These users also tamper with protections, further putting data at risk. And worse, they are ignorant of the potential consequences of such behaviors.
The report shows that employees continue to store sensitive files online, share logins and passwords, and engage in other risky behaviors, failing to observe even the most basic of security precautions.
Cybercriminals know this.
Which is why malware sent through email remains a persistent threat (1 in 220 emails contained a malicious attachment).
Social media is also a happy hunting ground as users continue to fall for schemes including “like-jacking”—fake Like buttons that install malware—and phony plug-in scams that get users to download bots that steal sensitive information. Or the attractive come-on offers that net users’ login credentials and require them to forward the offer to ten friends.
NetDiligence’s 2015 Cyber Claim Study shows that of claims submitted caused by insider threats, mistakes by staff members is equal to the number of malicious attacks made by rogue employees. Employee behavior is a dominant factor in an organization’s security. And yet, the fact is most users want to exercise security competence. So help them do that.
Where do you start? Begin by educating yourself your security-related behaviors. Drill security awareness and compliance principles into the very fabric of your workday. Promote that security behavior to your supervisors, and infuse it with accountability. You dramatically reduce your risk profile, and your colleagues, customers, shareholders, and other vital stakeholders will thank—and reward—you.