When analysing how to build a sufficient IT security framework, many businesses do not realise that their biggest security threats could come from their own employees rather than from outsiders.
Most companies of any size contemplating IT security focus heavily on cybersecurity software to stop hackers in their tracks. This is definitely an essential part of any good cybersecurity plan.
However, they often overlook threats closer to home. Whether by accident or maliciously, your own staff can lead to some of the most significant and damaging security breaches.
This can be through falling for externally sourced scams, e.g., by opening a phishing email or clicking suspicious links, but it can also come entirely from within, such as handling company data in an unsafe manner or deleting files.
The rise in remote working (e.g., hybrid working, working from home, and working abroad) has increased the likelihood of cybersecurity breaches caused by human error.
This is because home networks are less secure and employees are less scrutinised, so errors or mistakes may go undetected for longer.
Despite the many productivity and lifestyle benefits of WFH, it continues to pose challenges to businesses on the IT security front.
According to a 2020 study by Malwarebytes, 20% of respondent businesses said they faced a security breach as a result of a remote worker.
Why Should Companies Be Concerned?
Even those companies that are aware of the security holes posed by staff may not truly appreciate the repercussions for their business if an employee did cause a breach or delete a file.
The average cost of a data breach in the United States in 2022 was $9.44 million, according to IBM data, and the company Cybersecurity Ventures predicts cybercrime will cost $10.5 trillion annually by 2025. These are therefore not minor incidents for businesses. There are substantial financial, legal and reputational risks that come with a data breach or loss of data, depending on the information that is compromised.
The human element is the most common threat vector in studies carried out on data breaches. It was the root cause of 82% of data breaches, according to Verizon’s “2022 Data Breach Investigations Report.”
To give a better picture of the landscape of cyber threats, let’s take a look at different potential cyber threats.
Types Of Cyber Threats Against Businesses
- External cyberattacks – This would be your traditional hackers trying to steal your data using phishing, malware, ransomware, and viruses. Businesses should invest in the best cybersecurity software to defend against these threats, for example, Sophos, Symantec, Barracuda, or Avast Business.
Research by Symantec found that 71% of all targeted attacks started with phishing scams. These are emails sent by criminals that look to have been sent by a legitimate company and ask for sensitive information.
- Malfunction – This is another type of threat that doesn’t come from external hacking, but also isn’t always human error either. Malfunctions and software errors can happen spontaneously. They can also be caused by human error, accidents, or even natural disasters. Some examples could include electrical disturbances, coffee spillages near the server, an electrical fire, or even the roof leaking during a severe storm. This could all result in damage to hardware that could cause a loss of precious client or company data.
- Threats From Insiders – There are two kinds of threats that can come from your own staff.
A) Human Error AKA Accidents and Mistakes
Imagine Phil from your admin department opening a suspicious email, or Kira from programming accessing insecure networks in a coworking café abroad. Perhaps James from sales has been handling client data on his personal email address and sending that data outside of the company network while working from home. Even Natasha from accounting could accidentally delete the wrong file and not realise it for several days so that there is no auto or emergency backup. These scenarios are very easily done and can cause serious problems for businesses if they lead to a breach or lost files.
But why do some of these accidental human errors take place?
- 44% of surveyed staff said they weren’t provided cybersecurity training focused on the potential threats of working from home
- 28% admitted that they’re using personal devices for work more than their company devices, which could open the door for cyberattacks
- 18% of businesses acknowledged that cybersecurity was not a priority for employees
- 45% of businesses surveyed didn’t analyse the security or privacy features in the software tools considered necessary for remote working
- 68% did not deploy a new antivirus solution for work-issued devices
Human error is also the most common reason that attacks from outside are successful and lead to breaches. 47% of employees cited distraction as the reason for falling for a phishing scam while working from home.
B) Malicious Intent
While human error is a major problem for companies, malicious intent from staff or ex-employees is even worse. Imagine that Peter is disgruntled with his pay and working hours. He’s never addressed the issue or raised it, so you don’t realise, but he has grown bitter and resents the company. He sometimes passes private company and client data to hackers or competitors out of spite. Another worrying scenario might be Melissa, who was sacked only a few days ago but has retained her company laptop and never returned it. No one has realised or pushed to get it returned because it’s too much hassle. Not only has she retained her laptop but, unbeknownst to most managers, she has retained access to some files and data. She could purposefully delete vital company files as payback for being sacked until someone realises that she still has access and blocks her. It may not have been obvious for months.
This is not far-fetched at all. Let’s look at the hard data.
- 26% of survey respondents report they are currently tempted to keep copies of valuable company data in case “the worst comes to the worst” (the company becomes insolvent, or they lose their job).
- 30% of security events in the last 12 months reportedly involved staff working against their own employers.
- 60% of data breaches are caused by insider threats (Goldstein, 2020).
- 68% of organisations have observed that insider attacks have become more frequent over the last 12 months (Cybersecurity Insiders, 2020).
- 61% of companies have had an insider attack in the past year (Bitglass, 2020).
- 60% of organizations had more than 20 incidents of insider attacks a year (IBM, 2020).
- According to Ponemon Institute’s 2022 Cost of Insider Threats report, insider threat incidents have increased by almost 50% over the last two years and have become more frequent.
- The cost of credential theft to organisations increased by 65%.
How Can Businesses Protect Against These Issues?
While it may be disheartening for businesses to acknowledge the significant threat from their own employees, you are by no means powerless to prevent breaches by human error or maliciousness.
In addition to the cybersecurity software mentioned above, there are other programmes, systems, and services that businesses can utilise to improve their security. There are even systems that can specifically aid against human error and malicious staff actions.
IT asset tracking and IT asset management are some of the primary methods for guarding against these problems. Data backup systems are also among the strongest protections against staff deleting important files.
Luckily, Hardsoft has developed the ultimate secure business IT collection.
Using Hardsoft’s Secure Business IT Collection
Standard business-grade cybersecurity software should always be the first port of call. Hardsoft’s cybersecurity experts can advise companies on which software will be most effective for their needs based on their industry and level of vulnerability.
IT Asset Tracking and Management – This allows businesses to oversee their full flock of hardware across numerous offices and even in employees’ homes. This tracking gives companies a better grasp of all their IT devices, so none will be overlooked or forgotten when an employee leaves the company. The management side allows your company directors to remotely control exactly how staff can use your business hardware.
Shepherd is Hardsoft’s own MDM (Mobile Device Management) software. Using this system, businesses can control which apps and programmes employees are able to download onto their business IT devices. With Shepherd you can even control when they can use certain apps and whether certain apps can be open when accessing company data and files. Directors can also set passwords and encryption, as well as automatically push out security software and updates to all devices wherever they are. This prevents the vast majority of cyber security breaches from happening by human error since companies have granular control of how devices are used, even with WFH staff. Other tasks directors can carry out with Shepherd are setting allowed networks, remote real-time monitoring and troubleshooting, and fully wiping and blocking devices that are suspected of being compromised, lost, or stolen.
MDM systems are among the strongest at preventing IT security issues through human error or negative intent since they give companies such a high degree of control. The tracking allows businesses to have a strategic overview of their flock. This also boosts security since it is easy to identify when devices are not returned, are standing idle, or are in need of update, repair or recycling.
Strategic IT Management And Proper Retrieval and Storage Of Devices – Of course, having implemented Shepherd MDM and gained that level of oversight and control, the question becomes what to do about it. If you know that a piece of hardware needs retrieving or upgrading, what can you do about it?
This is where the next member of the secure IT business collection comes in. Boomerang is the perfect IT asset management accompaniment to Shepherd. This is because the Boomerang system from Hardsoft provides complete device life-cycle management. That includes repair, upgrades, and even recycling components of computers using the greenest methods. It takes so many IT chores off business owners’ plates.
This is all very convenient operationally for businesses, but how does it enhance IT security?
For starters, it offers businesses strategic control over their devices without having to lift a finger. Repair and recycling become a breeze, but the advantages go further. Boomerang can retrieve devices from offices but also from ex-staff’s homes. It has a high retrieval success rate since it arranges a one-hour time slot from the collection point so that no one is waiting around or inconvenienced. Your staff or ex-staff don’t even have to package the IT equipment. Everything is handled by Hardsoft.
This vastly reduces how much ex-staff can interfere with the running of your company and prevents businesses from losing equipment to ex-staff.
Boomerang can then repair and fully reconfigure the apps and software on a device ready for your next hire and then redeploy the hardware straight to them, hence the name Boomerang. It is ideal for getting the most out of your hardware investments.
This Boomerang system can even offer affordable, secure storage of hardware if businesses want to keep it but don’t want it standing idle while waiting for new hires to join. This ensures devices are always safe and never pose a security risk.
Have Copies and Backup of Precious Data And Files – Malicious or accidental file deletion is always a tricky one for businesses to handle. While not as overt as a full data breach, a deleted file can still be devastating for a business. With just a click, a disgruntled employee could remove a vital piece of work for a client and set a company back months and damage their reputation. Accidental wrong file deletion is also a very easy mistake to make with big consequences depending on the data deleted. The best way companies can protect against this problem is via cloud data backup systems. Squirrel is Hardsoft’s own cloud data backup system. Just as Shepherd is ideal for protecting your flock of hardware, Squirrel is ideal for protecting all your digital nuts of data. Squirrel is special not only because it is cost-effective, but because it backs up what most other systems don’t. It is perfect for securing all your company files and Microsoft 365 data. It notifies you via email for each backup and backups themselves can be controlled within a portal.
Protect Hardware Against Unforeseen Incidents And Malfunctions – As we outlined above, there are more ways that data and hardware can be endangered. Unforeseen circumstances can cause malfunctions in hardware which can result in data loss and asset loss. These circumstances could be everything from theft and vandalism to non-deliberate accidents such as drops or spills. Some negative circumstances don’t even involve humans; it could be a natural disaster like a flood, or an electrical malfunction. This is why it is crucial for companies to have suitable insurance coverage for their IT hardware. Unlike insurance from third-party insurance companies, SafeGuard insurance by Hardsoft was designed by IT experts. It allows all your IT services to come from one source. This increases expediency. SafeGuard offers some of the most comprehensive IT coverage for the lowest prices. It is among the cheapest IT hardware insurance on the market yet covers businesses against theft, flood, fire, storm, electrical issues, vandalism and more. It can be applied to staff abroad and has none of the usual loopholes that insurance companies use to avoid paying out. Best of all, there is no penalty for making a claim: your premiums will not increase in the next year. The fixed three-year pricing shields businesses from price increases due to inflation.
With SafeGuard insurance, businesses will receive fast replacements, repairs, and payouts to cover all these unforeseen problems.
With the secure business IT collection of services from Hardsoft, companies can be fully protected from the actions of employees and ex-staff. Human error and malfunction are no longer such a threat.
Ryan may have been with HardSoft since 2008, but has confessed he “might still be on probation, we haven’t really talked about it”. The move to Devices for Teams by HardSoft was a natural one for him. “I like a challenge and prefer solution selling or trying to find the right product for a task”.
Ryan specialises in MDM, Jamf and Cisco Meraki and his interests include Films, Gaming and a proper cup of tea!
LinkedIn: Ryan Kelly
Tel: 0204 551 0473