The Importance of Internal Cyber Security Controls

Thursday, March 1, 2018 by under Access Control, Data & Cyber Security/Hacking

Much of business security focuses on outside risks. But, what about threats that exist internally?

According to the Cyber Security Intelligence Index from IBM, 60 percent of all attacks in 2015 were from insiders. These insiders were employees or partners that companies trusted with sensitive information stored within documents, disks, electronic files and laptops.

It’s hard to think of your employees or partners as attackers, but the importance of internal cyber security is of great value. This post explores the potential threats that exist when internal security is not in place.

Abusing User Access

Do you know which employees have access to key client or administrative accounts?

In 2015, former Waymo engineer Anthony Levandowski, allegedly downloaded more than 14,000 files containing information about the company’s self-driving-car technology, and copied the data to an external device. Levandowski left Waymo weeks later and started his own self-driving-truck company called Otto. The case goes on into more detail, but is just one example where an employee was accused of stealing company data.

User access restrictions are critical in maintaining internal cyber security. Businesses must have a clear understanding of who has access to sensitive company information and technologies. They should also limit access to only necessary individuals to reduce the risk of employees abusing their authority.

Downloading Malicious Internet Content

It’s no secret employees spend time surfing the web for personal use. Whether it’s watching videos, playing games or using social networks—it happens. But, this doesn’t just result in decreased productivity.

Threats like ransomware are often hidden in downloads made to appear like video clips or games. This isn’t as obvious to an employee that doesn’t have a background in cyber security. They can inadvertently download Internet content that could flood your business with malware and viruses. Consider installing updated versions of anti-virus and anti-malware software, as well as a smart firewall to protect your business.

Practicing Unsecure BYOD

Bring-your-own-device (BYOD) is an increasingly popular trend among businesses. BYOD is when companies let employees use personal laptops, tablets or mobile devices to access company files and resources. However, BYOD can pose major security risks, because not all employees have the proper security or management tools installed. BYOD increases the risk of:

  • Data breaches because it’s difficult for a business to ensure data is secure throughout all these personal devices.
  • Unsecure information due to physical loss or theft of the device. Some employees don’t password-protect their devices, making it easier for outsiders to gain entry.
  • Third-party access into a device by downloading mobile applications infected with malware.

We understand BYOD is a convenient and affordable alternative to providing employees with company-owned equipment, but you need to be aware of the risks. Put a policy in place that requires employees to safeguard their equipment, limit access to sensitive data, and consistently monitor networks for any threats.

Using Outdated Software

Outdated software puts you at an increased risk of a security breach because it’s more likely to have flaws that can be exploited by hackers. New versions become available, and while developers work to maintain and repair old versions, there’s a point where they eventually stop to focus on newer versions. This could include updating web browsers or computer programs, including:

While using outdated programs and browsers isn’t intentional, it can be avoided by regularly checking for updates. Have your IT department consistently monitor all networks and devices for optimal security.

Vector Security Services

Vector Security provides solutions to keep your business protected and secure from internal threats. Some solutions include:

  • Convenient, single point of contact for your network and security needs.
  • Network Operations Center (NOC) services to monitor for active threats.
  • Access control solutions for networks, facilities and devices.

You can never be too safe when it comes to cyber security. Whether it’s inadvertently downloading malicious content or using outdated software, cyber attacks do happen internally. Connect with a trusted vendor to avoid these internal threats.

How does your business protect itself from internal cyber attacks? Share in the comments below.

The content herein is provided for informational purposes only, "AS IS" and without any representation, warranty or condition as to its accuracy or reliability. The content herein is not intended to modify, and does not modify, the terms and conditions of any agreement between you, including the company or entity you represent (“You”), and Vector Security, Inc. and/or its affiliates (collectively, “Vector”), or to create any legal obligation of Vector to You with respect to content or otherwise.

 

Please read our commenting policy before posting comments.


comments powered by Disqus