Don’t Become an Insider Threat to Your Organization

Shadowy, state-sponsored hacking groups with deep pockets, sophisticated tools and political connections are behind many of the world’s most notorious cyberattacks. For most organizations, however, employees, contractors, business partners and other insiders pose a far more imminent threat.

Trusted insiders are responsible for many of the threats facing organizations today. While some involve disgruntled employees or contractors, most are caused by employees who unintentionally mishandle sensitive data or commit policy violations while looking for more efficient or convenient ways to get their work done. The Ponemon Institute reports that “careless insiders” are responsible for about 75 percent of all insider threats and cost organizations $6.6 million every year.

The following suggestions can help ensure you don’t become an unwitting threat to your organization’s security:

  • Think before you click. Don’t open emails from senders you don’t recognize, don’t click on email links if you aren’t certain that they are legitimate, and don’t open email attachments or web links unless they are expected and come from a trusted source.

  • Lock down devices. Encrypt and password-protect any phones, laptops or other devices used to access company resources. Use remote wipe solutions so you can erase data if a device is lost or stolen.

  • Keep work and personal devices separate. Don’t use company devices for personal business and don’t access company resources from personal devices.

  • Practice good password hygiene. Use strong passwords or pass-phrases with a mixture of alphanumeric characters. Never share passwords with colleagues or partners. Don’t reuse passwords. Delete old accounts you no longer use, along with the associated login credentials.

  • Use Wi-Fi wisely. When working remotely, your home Wi-Fi network effectively becomes part of the company’s network. Change the wireless router’s default password, disable the remote administration feature, and update security settings to WPA2 or WPA3 encryption.