SPRING 2017
7
W
hen you think of security breaches, anonymous hackers
probably come to mind first. They certainly are respon-
sible for many computer viruses and phishing attacks.
But hackers are not the only culprits. Security breaches can also occur
from inside a business—ranging from deliberate actions by dis-
gruntled employees to accidental breaches caused by human error.
Don’t wait for a problem to occur. Review these basic precautions
to help protect your company data from internal threats:
1. Revoke account access when an employee leaves.
This
is the single best thing you can do to prevent security breaches.
Here’s a cautionary tale: In one case, a system administrator was
terminated for cause. As he cleaned out his desk, he deleted one
file—the file that held all the encryption keys for the employees
and the corporate escrow key for all the encrypted files held by
the company. The 20-plus employees who used the key from the
server lost access to all their encrypted files. With one keystroke,
everything those employees had done for the previous three
years was lost.
2. Do your backups.
An essential safeguard against internal data
sabotage is having an effective backup system to keep mission-
critical data secure. This statement can’t be repeated often enough.
3. Account for data and tech devices your employees own.
The proliferation of personal devices (such as smartphones and
tablets) used for work purposes has led to a business environment
where personal activities commingle with work. By allowing
employees to use their own equipment, your businesses some
control over security issues. You may want to have employees sign
an agreement regarding the proper use of such devices.
4. Protect against downloading of malicious content.
The average employee in a small business spends up to an hour
a day surfing the Web for personal use—perhaps looking at
video or file-sharing websites, playing games, or using social
media websites. And it’s not just lost work time that’s involved.
Malware and virus threats can be inadvertently introduced to a
computer network by employees via a rootkit hidden in a game
or a video clip. The best advice is to constantly update and patch
your IT systems to ensure protection.
5. Educate employees about social engineering.
One of
the most common ways for attackers to gain access to a network is
by exploiting the trusting nature of your employees. Make sure
your employees know not to provide their password over the
telephone and teach them how to recognize a phishing email.
Threats to data security can come from
many places. If you take a multi-faceted
approach that address both external
and internal issues, your business
can reduce the odds that a
breach will take place.
Hackers
Don’t
Cause All
Security
Breaches
Unhappy or careless
employees also pose
a threat to your data