Stories about large-scale external cyber attacks are the ones that usually make the news. Remember the Hollywood Presbyterian Hospital story from early 2016? A ransomware attack shut down systems for more than a week, and the hospital ended up paying about $17,000 in ransom (40 Bitcoins). Malicious external attacks sound scary and expensive. But some cybersecurity experts estimate that 58% of cyber attacks come from inside the company.
It’s important to know that while insider attacks can be costly and common, they aren’t usually malicious, intentional acts by disgruntled employees. Those account for a relatively small percentage of insider cyber attacks. Here’s a breakdown of the types of insider cyber attacks:
- Malicious – These are intentional attacks and could include leaking sensitive information to a competitor for either personal gain or to harm the company.
- Negligent – In these situations, risky workarounds and shortcuts that break from company practice can leave the company exposed. Mobile working and time-saving tactics may set the stage for these attacks.
- Accidental – These are acts carried out with no intention of doing harm. Malicious email attachments, “phishing” emails or software can catch out unsuspecting employees and install programs that breach confidential data.
In late 2016, news broke that 108 LA County employees were tricked into sharing passwords and usernames by an authentic-looking phishing email. As a result, confidential health or personal records for over 750,000 people were put at risk. The hacker was caught and, at last report, no information had been sold or released.
If insider security threats are prevalent, costly and often unintentional, how do you protect yourself and strengthen your company’s assets?
- Back up data. Give us a call and we’ll help you sort out which data backup service is right for you.
- Mitigate internal risks by using strong authentication measures. Passwords are the most common means of authenticating, but you may also have used a smart card or a retinal or fingerprint scan. We’ve recommended using LastPass to set and store passwords.
- Keep software updated. Part of our services includes monitoring software, app and plugin updates to make sure they’re tested and compatible with your system.
- Train employees well. This isn’t just important when you make a hire. We all get lazy and want to take shortcuts. Meet regularly with staff or have your digital consultants come in and go over best practices. Do your employees know the risks of working on company documents on an unsecured connection? We’re happy to give support and guidance in these types of areas.
We’ll continue to explore issues around cybersecurity in the coming months with an eye to ways you can strengthen your digital assets. If you have a specific concern or question, don’t hesitate to reach out and we’ll give you a free assessment of your system.