by Max Emelianov, HostForWeb
You’ve doubtless heard the news by now. An unemployed man. A USB drive. Critical security data. This sort of thing could easily happen to you, too.
Plenty of folks probably scoffed derisively when they heard the news. An unemployed man on his way to the library found a thumb drive by the side of the road. Curious as to what it might contain, he brought it with him and plugged it into one of the library computers.
To say he was shocked would be putting it lightly. The stick contained folders upon folders of sensitive, confidential details – everything from CCTV camera locations to maintenance tunnels to security routes for persons of importance like The Queen. For some reason, the man decided that rather than bring the stick to the police, he’d hand it to The Sunday Mirror.
At least he didn’t try to sell the information, I guess?
Now, there are certainly some holes in this story. For one, how did the USB stick wind up there? How did the stick avoid damage from the elements while it was there? And what are the chances that this was all some elaborate hoax – possibly a ploy by a whistleblower or an intentional leak?
I doubt we’ll ever really know the answer to any of those questions. And honestly? We don’t need to. They don’t really matter.
What does matter is what we can learn from this whole mess. Because the simple truth is that even if your organization doesn’t work with state secrets, your employees routinely mishandle sensitive information. To believe otherwise is downright naive.
With all the nasty stuff we’ve been seeing in the news lately – advanced black hat hacking squads, devastating global ransomware, attacks against critical infrastructure, and botnets that dwarf anything ever seen in the history of the computer age – it’s easy to forget that the biggest threat to your business’s data is within your own walls. These are the breaches that don’t always make headlines.
Yet they’re also the most frequent cause of compromised data.
Steve from accounting accidentally forwarding payroll information to his aunt. Lisa from HR handling personnel files via an unsecured file-sharing service. Bob from IT deciding to leak his company’s product roadmap to get revenge on his boss.
We’ve all known a Steve or two. And a Lisa. And a few Bobs.
“In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders,” writes HBR’s Marc Van Zadelhoff. “While industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.”
So what exactly can you do to address these insider threats? How can you protect yourself against your own employees? In a few ways, actually:
- Understand that people make mistakes. Have systems in place to prevent those mistakes. A file-sharing utility that only allows authorized users to access the documents it stores. An email DLP solution that covertly wraps attachments in DRM. Stuff like that can go a long way towards protecting your data.
- Make sure your employees are treated well. While there will always be a few bad eggs, you’re much less likely to deal with a malicious insider if your staff are well-treated and happy to be working for you.
- Ensure good password policies and best practices. Here’s the toughest step – you need to take measures to make your employees care about cybersecurity. Teach them why data protection is important. Show them how they can apply good security hygiene to their own lives. Make safety a habit for them.
It’s easy to thumb our noses at what happened to Heathrow. It’s much more difficult to admit that, were the circumstances different, this could have happened to our own business just as easily. But the reality is that it could – and denying that means it probably will.
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.