The Insider Threat: Your Trusted Employees Could Cause a Major Data Breach
For any business, a potential data breach is a very real possibility as a result of employee behavior, whether they’re disgruntled or careless and just unaware of the potential dangers of misusing your company’s IT equipment and/or personal devices. As we’ve talked about in the past, the majority of businesses are still thinking about security attacks coming from some the outside but more often come from improperly handled off-network devices. There is still a pervasive lack of knowledge around the types of sensitive information that are contained on the numerous devices that almost all employees have access to these days.
In the Sony data breach in late 2014, there has been a lot of speculation that an employee(s) or former employee(s) had to be involved with outsider hackers in order to gain as much access as they did. One security expert, Kurt Stammberger, is quoted as saying:
“Sony was not just hacked, this is a company that was essentially nuked from the inside. We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history.”
One of the worst data breaches to date, and many security experts agree, insiders were key to this attack. This should be a major concern for IT professionals and executives today.
As we’ve seen with previous data breaches, disgruntled employees can pose a serious risk to a company’s data security. They might be looking for financial compensation or just be looking to enact revenge. But employees who are ignorant of the data they could be exposing can be just as dangerous, if not more so. Sensitive data can easily be leaked over long periods of time or in large quantities by careless employees, who have access to company networks through company devices or their own personal devices.
The danger lies in their lack of knowledge of the threat they could pose to your business. Most of the time, these employees are simply trying to do their jobs by working more conveniently, efficiently, and outside the office. Unfortunately, in many ways your trusted employees are putting your company at risk. Some of the ways employees may be exposing sensitive data, include:
- Using personal, unprotected email accounts to send sensitive information due to corporate email file size limits and/or speed
- Saving files via email or on other devices to use at another time
- Losing (as a result of carelessness or theft) a computer, smartphone, or other device that contains sensitive company information
In addition to putting policies and procedures in place and training employees how to handle sensitive company data on all devices, companies need sound IT asset management and deployment procedures to ensure they’re as protected as possible. We’ll talk more specifically about these topics in later articles.
To learn more about the threat that embedded data can post to your company, please download our white paper: Embedded Data: Your “Hidden Secret” to Stopping a Major Data Breach — A call for awareness to the security threat of embedded data. It aims to educate customers and the public at large about the potential exposure and hidden dangers of embedded media if it falls into the wrong hands.