Most companies recognize the security threats from outside their own organization – maybe it’s Chinese hackers trying to steal their trade secrets, or perhaps it’s a Russian organized crime ring trying to steal credit cards. As an industry, we in the Information technology field have been doing a decent job trying to educate business owners and decision makers about the need for security. It’s been a long road for some of us (I started down this path nearly 20 years ago), but finally, we are starting to see significant improvements in the area of security awareness.
What about Insider Threats?
But what about the “Insider Threats” from within an organization? Do you have people working for/with you that are detrimental to your important business data health? Are they very careless with sensitive information that could be used for malicious or nefarious purposes? How do you know people are taking the right precautions to protect this data or information?
Security breaches from the inside – depending on which report you read – can be up to 90% of the actual threat to your business. Why is it so high you might ask? Well, consider the “attack footprint” or surface area by which someone can access sensitive data. From the outside looking in, assuming you have the proper security in place, there shouldn’t be much that an outsider can get access to. You have a website (probably hosted by some other company) and you have email (again, hosted by someone else). However, your employees have access to everything. Databases of customer information, spreadsheets full of data, technical drawings, credit card and account information – a veritable cornucopia of information that makes your business who you are. And all available to someone working on the inside.
So what can you do to minimize the Insider Threats to your data but still allow the business to run? Surprisingly, quite a bit. The hard part is identifying the vulnerable areas and determining a path to help prevent the Insider Threat from compromising your business. We will explore this further in Part 2.
To learn more about the Insider Threats in your company, contact us today at [email protected] or 817-668-6995.