Select Page

When people consider threats to security, they usually imagine hackers and cybercriminals getting into systems from outside. However, the issue can stem from employees. It could be intentional, or the employees may not be trained properly. Your business may not have strict security policies in place. Because as many as 28% of data security incidents come from the inside, it is important to protect yourself. 

  1. Intentional Threats

The worst kind of insider threat is intentional. While it is rare, it happens, and it is harder to detect and costs more than outside attacks. Back in 2014, AT&T experienced this type of attack, as well as Sony, JPMorgan, and Home Depot. Not only did it cause customers’ social security numbers, birth dates, and drivers’ license numbers to be exposed, but these companies were hit with large fines. The best way to prevent this attack is by paying attention to employees and making sure that you only allow access to sensitive data to those who need it. 

  1. Password Issues

The way that people use passwords is a huge threat to businesses today. Many people use the easiest combination of letters or numbers to remember, which makes it easy for hackers to get in. It only takes ten minutes to hack a six-character password in all lower case. When you add a few capitals, it takes them ten hours. Once you add numbers and symbols, it takes up to 18 days. Make sure that your employees use longer passwords with upper and lower case letters, numbers, and symbols, and require them to change the passwords frequently. 

  1. Access Policies

Another way that businesses suffer is from weak access policies. It is important to make sure that the only people who access systems and files are those who need to. Access should be revoked as soon as a person no longer needs it. You could have an employee who accesses one and opens it. This leaves a cached copy on their workstation, which opens up another door for hackers. You need a strict access policy with folders being inaccessible as the default setting.