Insider Threats are a Risk to Your Data—Here’s How to Stop Them

From an article by Stephen Voorhees, CISSP and Senior Sales Engineer at Veriato, published on SmallBusinessToday.com:

Most companies have already hunkered down to prevent hackers from stealing proprietary data. Their security teams have almost certainly installed powerful firewalls. Some companies may have acquired robust security systems to protect themselves against ransomware, the malicious code that cyber criminals use to encrypt your data and hold it hostage until you pay a hefty ransom.

The trouble is, there’s a far greater threat to your company’s data from people inside your organization.

“In general, the greatest data security risk is posed to organizations by insiders,” Joseph Steinberg, an entrepreneur and cybersecurity authority, wrote in a Digital Guardian blog post. “If they want to steal it or leak it, they can usually do so with far greater ease than outsiders.” As Steinberg notes, insiders “have access to sensitive information on a regular basis, and may know how that information is protected.”

Some breaches and leaks by insiders are done with malicious intent—for personal gain or to satisfy a grudge. But research suggests that most of these insider incidents—87 percent, by one estimate—are caused by human error. This might include carelessly attaching the wrong file to a message or e-mail, misplacing a USB drive or a laptop, or sharing a file (via e-mail or social media) with the wrong people. Unfamiliarity with company security rules is at the root of threats to data in 82 percent of cases. And just as calamitous, if unintentional, is clicking on malware by mistake through phishing or some other attempts to penetrate a company’s system.