k_Street Consulting, LLC Blog
Is Your Business Being Attacked From the Inside?
With cyberthreats the way that they are, a lot of industry professionals go on and on about the importance of deploying technologies designed to reduce the potential threats that a business has to confront. This technology isn’t cheap and while they absolutely do help you protect your technology and data; today’s hackers know that. Unfortunately for small business owners, that shift has left your staff on the front lines of cybersecurity; a place they really shouldn’t be. Let’s discuss cybersecurity from an employer’s perspective.
Today, there are literally billions of phishing emails sent each day. Inevitably, you are going to confront this problem, and depending on your staff’s preparedness (or intentions), you will either deal with them or they will likely deal with you.
The first thing that you should know is that you have to train up your staff about phishing and other issues surrounding your organization’s security. They have to understand social engineering tactics used by scammers to infiltrate networks, steal data, and deliver malware. If they are left in the dark about these issues, you will likely see a plethora of cybersecurity problems in your immediate future. It’s good to be lucky, but you’d rather be good.
Once you’ve committed to a cybersecurity training regimen for your staff, you then have to understand that there are three manners of attack that come from inside your network. Let’s take a look at them:
The first type of attack is brought on by mistakes. Those are instances where you have trained your people and they are committed to help you protect your business’ IT but made a mistake and it has caused problems. Most mistakes are only a mouse click made in error. Mistakes do happen and since there is absolutely no malice behind it, harsh reprimand of that employee, while probably warranted, will surely bring out the water works. You don’t want to alienate your staff (or your entire workforce) so if someone makes a cybersecurity mistake, and it is remediated quickly, there’s no real harm done. You will want to re-train this person and test them, so you know they understand what your policies are.
An employee that continues to make mistakes isn’t just a doofus, they are neglecting their responsibilities. Negligent behavior is at the center of a large percentage of the security breaches seen in business today. It can be characterized by an ambivalence to your business’ stated goals that is shown by repeat offenses that put your network and data in jeopardy. It may start with a simple mistake, but if an employee continues to make careless mistakes, it could really put the business behind the eight ball. Cybersecurity negligence is just like negligence in other aspects of the business and can’t be allowed to continue.
The employer-employee relationship isn’t always easy. In many businesses, there is a direct conflict of interest. Employers are known to overstep boundaries in the name of productivity and employees are known to get fed up with it. People get disgruntled, people are fired, people quit. There are rare occurrences where the relationship gets so bad that current or former employees will use their access to your company’s systems to try and sabotage an element of it, or the entire thing. In the rare cases where this does happen, it can lead to complete destruction of a business. If you have had to let someone go, or they have quit, you will want to immediately remove any and all of their credentials so that they have absolutely no access to your business’ digital resources. If the saboteur still works for you however, there may not be much you can do until their dastardly plan unfolds. It’s important, then, to treat your employees with the same respect as you expect from them. A fair employer won’t run into sabotage very often.
Keeping your technology systems running and working for your company is imperative for today’s businesses. If you would like help with security strategy or with deploying tools call the IT professionals at k_Street Consulting, LLC today at (202) 640-2737.