What is the biggest threat to your network security? Most people instantly picture someone from far away, holding a laptop computer and wearing a ski mask (seriously, why are they always wearing ski masks?). However, that’s rarely the case.
Your employees can be your greatest asset, but they can also be your biggest threat. Take steps to prevent disgruntled employees and untrained staff from causing security threats like data breaches. Let’s take a look at the ways that they affect your network security, and how to handle them.
Problem: Disgruntled Employees
Former employees can be vindictive. Even though they may leave the company on good terms, you can never be sure what their intentions are. A massive 60% of all cyberattacks are carried out by company insiders. Of these insider attacks, roughly three-quarters are deliberately malicious.
Those who pose the biggest threat are employees with IT experience or access to the network and administrative accounts. With that level of access, these employees can strike quickly and take down your systems for extended periods of time.
Solution: Active Termination Policies
These termination policies should go hand-in-hand with HR termination checklists. The moment that a terminated employee leaves the building, you need to revoke their account access. It’s vital to set up proper termination policies so that you avoid the risk of malicious activity coming from the ex-employee.
A good termination policy will remove the ex-employee’s email access and any auxiliary software access. It should also prevent the ex-employee from physically accessing servers, firewalls, NAS devices and anything else that is critical for operations.
Problem: Untrained Employees
Untrained employees represent an open invitation to access company data. While they may not have any malicious intent, they pose a major threat to your business. Studies show that 30% of phishing emails get opened. These inexperienced employees will be the ones to innocently open malicious emails, visit unauthorized websites, download infected email attachments, and leave their computers unlocked (and open for hacking).
Solution: Proper Training and Access Levels
Your company needs to actively work to train employees on responsible digital behavior in the workplace. Having one or two scattered meetings about password security is no longer enough to protect your data. You should hold informative network security training regularly (once every six months is acceptable) to keep everyone up to speed.
Aside from training, you should grant your employees proper levels of access. For instance, you should only give them access to whatever information they specifically need. Granting employees additional access means that there’s a greater risk of an accidental data breach.
When it comes to laptop and desktop computers, while you may allow limited personal activity on company devices, you should (almost) never allow employees to use their personal computers for corporate matters. You will not have control over their device, which makes you powerless to deter viruses, hacking, and theft.
Consult the experts
If you’re not sure where to start, consider a network assessment to make sure you have a thorough understanding of your network and potential security holes. Don’t leave your security to the odds. Contact your MSP and let the experts help you create a foolproof plan to protect your business.