RTC's The Communicator for Spring 2017

SPRING 2017

hen you think of security breaches, anonymous hackers

probably come to mind first. They certainly are respon-

sible for many computer viruses and phishing attacks.

But hackers are not the only culprits. Security breaches can also occur

from inside a business—ranging from deliberate actions by dis-

gruntled employees to accidental breaches caused by human error.

Don’t wait for a problem to occur. Review these basic precautions

to help protect your company data from internal threats:

1. Revoke account access when an employee leaves.

This

is the single best thing you can do to prevent security breaches.

Here’s a cautionary tale: In one case, a system administrator was

terminated for cause. As he cleaned out his desk, he deleted one

file—the file that held all the encryption keys for the employees

and the corporate escrow key for all the encrypted files held by

the company. The 20-plus employees who used the key from the

server lost access to all their encrypted files. With one keystroke,

everything those employees had done for the previous three

years was lost.

2. Do your backups.

An essential safeguard against internal data

sabotage is having an effective backup system to keep mission-

critical data secure. This statement can’t be repeated often enough.

3. Account for data and tech devices your employees own.

The proliferation of personal devices (such as smartphones and

tablets) used for work purposes has led to a business environment

where personal activities commingle with work. By allowing

employees to use their own equipment, your businesses some

control over security issues. You may want to have employees sign

an agreement regarding the proper use of such devices.

4. Protect against downloading of malicious content.

 The average employee in a small business spends up to an hour

a day surfing the Web for personal use—perhaps looking at

video or file-sharing websites, playing games, or using social

media websites. And it’s not just lost work time that’s involved.

Malware and virus threats can be inadvertently introduced to a

computer network by employees via a rootkit hidden in a game

or a video clip. The best advice is to constantly update and patch

your IT systems to ensure protection.

5. Educate employees about social engineering.

One of

the most common ways for attackers to gain access to a network is

by exploiting the trusting nature of your employees. Make sure

your employees know not to provide their password over the

telephone and teach them how to recognize a phishing email.

Threats to data security can come from

many places. If you take a multi-faceted

approach that address both external

and internal issues, your business

can reduce the odds that a

breach will take place.

Hackers

Don’t

Cause All

Security

Breaches

Unhappy or careless

employees also pose

a threat to your data