Insider threats: Not as uncommon as you think

When we speak of cybercrime and data theft, we typically think of seasoned cybercriminals. But you’d be surprised to know that the cause of businesses becoming victims of cybercrime is most often their own employees, sometimes on purpose, sometimes inadvertently. Remember Bob from accounting who was let go? Or the new intern who worked for 3 days and never showed up? Yep! They could engage in cybercrime activities to ‘get back at you’. Many businesses have been victims of cyberattacks brought on by disgruntled employees, both current and ex.
No matter who attacks you virtually, whether it is a seasoned cybercriminal or an employee who is simply upset with the kind of coffee your office coffee machine makes, becoming a victim of cybercrime causes you a lot of damage. For starters, it erodes the trust your customers have in your brand and affects your brand negatively. If your data is held ransom, you have no choice but to pay up the demanded amount of money. There may be legal/regulatory penalties to pay as well, and then there are chances of lawsuits that you will have to settle. And, remember, your business won’t be running as usual during this time, resulting in a direct revenue loss as well.

So, how do you prevent such internal threats? Here are a few tips.
- The first step is to recognize that your own staff can be a threat. Adopt a ‘trust, but verify’ approach and take the necessary steps in line with that attitude.
- Educate your staff about the dangers lurking online. This will prevent cases where your staff are inadvertently party to the crime. Sharing OTPs and passwords, using unsecured Wi-Fi networks, leaving devices unsecured, visiting suspicious sites, clicking on phishing links, opening dubious attachments, etc., are all examples of your employees accidentally opening the doors for a cybercriminal.
- Conduct sessions on corporate ethics, reinforcing what’s acceptable and what’s not. Also brief your staff on the consequences of unethical virtual behavior such as data theft, hacking or wilful compromise of your network and data security.
- Perform surprise audits to check if your IT policies are being adhered to. Take action against staff found flouting the rules.
- Invest in cybersecurity systems such as firewalls, network monitoring tools that identify and alert you to abnormal IT activities, powerful anti-malware programs, and role/permission-based access management mechanisms.