The Importance of Internal Cyber Security Controls
Much of business security focuses on outside risks. But, what about threats that exist internally?
According to the Cyber Security Intelligence Index from IBM, 60 percent of all attacks in 2015 were from insiders. These insiders were employees or partners that companies trusted with sensitive information stored within documents, disks, electronic files and laptops.
It’s hard to think of your employees or partners as attackers, but the importance of internal cyber security is of great value. This post explores the potential threats that exist when internal security is not in place.
Abusing User Access
Do you know which employees have access to key client or administrative accounts?
In 2015, former Waymo engineer Anthony Levandowski, allegedly downloaded more than 14,000 files containing information about the company’s self-driving-car technology, and copied the data to an external device. Levandowski left Waymo weeks later and started his own self-driving-truck company called Otto. The case goes on into more detail, but is just one example where an employee was accused of stealing company data.
User access restrictions are critical in maintaining internal cyber security. Businesses must have a clear understanding of who has access to sensitive company information and technologies. They should also limit access to only necessary individuals to reduce the risk of employees abusing their authority.
Downloading Malicious Internet Content
It’s no secret employees spend time surfing the web for personal use. Whether it’s watching videos, playing games or using social networks—it happens. But, this doesn’t just result in decreased productivity.
Threats like ransomware are often hidden in downloads made to appear like video clips or games. This isn’t as obvious to an employee that doesn’t have a background in cyber security. They can inadvertently download Internet content that could flood your business with malware and viruses. Consider installing updated versions of anti-virus and anti-malware software, as well as a smart firewall to protect your business.
Practicing Unsecure BYOD
Bring-your-own-device (BYOD) is an increasingly popular trend among businesses. BYOD is when companies let employees use personal laptops, tablets or mobile devices to access company files and resources. However, BYOD can pose major security risks, because not all employees have the proper security or management tools installed. BYOD increases the risk of:
- Data breaches because it’s difficult for a business to ensure data is secure throughout all these personal devices.
- Unsecure information due to physical loss or theft of the device. Some employees don’t password-protect their devices, making it easier for outsiders to gain entry.
- Third-party access into a device by downloading mobile applications infected with malware.
We understand BYOD is a convenient and affordable alternative to providing employees with company-owned equipment, but you need to be aware of the risks. Put a policy in place that requires employees to safeguard their equipment, limit access to sensitive data, and consistently monitor networks for any threats.
Using Outdated Software
Outdated software puts you at an increased risk of a security breach because it’s more likely to have flaws that can be exploited by hackers. New versions become available, and while developers work to maintain and repair old versions, there’s a point where they eventually stop to focus on newer versions. This could include updating web browsers or computer programs, including:
While using outdated programs and browsers isn’t intentional, it can be avoided by regularly checking for updates. Have your IT department consistently monitor all networks and devices for optimal security.
Vector Security Services
Vector Security provides solutions to keep your business protected and secure from internal threats. Some solutions include:
- Convenient, single point of contact for your network and security needs.
- Network Operations Center (NOC) services to monitor for active threats.
- Access control solutions for networks, facilities and devices.
You can never be too safe when it comes to cyber security. Whether it’s inadvertently downloading malicious content or using outdated software, cyber attacks do happen internally. Connect with a trusted vendor to avoid these internal threats.
How does your business protect itself from internal cyber attacks? Share in the comments below.