The Threat from Within
Written by: Twin City Group
Quick, think of a business that’s not connected to the internet. If you thought “ditch digger” you’d be wrong. Ditch diggers carry cell phones, and they send invoices just like most other contractors. With so many businesses connected to the internet, it’s no wonder we hear so much about cyber threats from hackers. We’re usually told how a syndicate of deceit working out of Russia or China is out to breach your network, but your network is probably more at risk from your employees. Whether it is a result of ignorance, laziness, or malice, your cyber threat can come from within.
Terminated or Laid-off Employees
Terminated employees, can represent a significant security threat to any organization no matter the size or employee count. According to Ponemon Institute, a Tucson-based research group, a 2009 survey of 945 adults who have been terminated, laid off, or changed jobs the previous year, 79% of those surveyed admitted to stealing data from their company. The stolen data was made up of email lists, non-financial information, employee records, and financial information. Some of the respondents thought they would need the data to help get new employment, others believed they could monetize it, and some even admitted to doing it to hurt the employer for terminating them.
Improperly Trained or Naïve Employees
In many cases, security specialists have found that security measures were not an important part of the employee onboarding process. The quickest way to introduce a virus into a business network is through an innocent looking email. Many business owners and their management staff fail to comprehend the devastation that can take place through an emailed virus and thus, do not prioritize the necessary training for staff members and management. Even top level managers who have experienced a “ransomware” event are too embarrassed to discuss it with their security personnel because they were surfing websites that are known for being less than trustworthy.
Employee Intentional Data Theft
Although background checks can reveal former discretions of potential employees, it will only reveal discretions that a potential employee has been caught at previously. Every organization is at risk of having employees that appear to be doing a great job after being hired, but may have a more nefarious reason for being on the job. We frequently hear about restaurant servers copying information from a consumer’s credit card and then going on a shopping spree. We’ve also heard about a nursing assistant that managed to use your personal information for committing identity theft. No organization is immune to employee malice, no matter how well you’ve screened your applicants.
Training and Protection are the Key
Every organization, whether a Mom and Pop, small business, or large business must develop a plan to protect the data of its employees and customers. Management needs to understand the financial repercussions that can result from a data breach. Every state has a laundry list of expensive actions that must be taken in the event of a breach, not to mention how many customers you stand to lose if your organization is responsible for their identity theft.
Security software and proper training are your first lines of defense. Every employee, manager, and company officer must be trained on best practices for cyber security and held accountable for failing to follow them. Your business can get financial protection by purchasing a comprehensive Cyber Liability policy for when the worst case happens because it usually will.
Most insurance companies that specialize in Cyber Liability will offer the necessary information and best practices to implement in your organization and in many cases, they’ll offer a discount if you agree to implement them.
The experts at Twin City Group, a 100-year-old insurance agency, have experts you’ll want to speak to about Cyber Liability Insurance. Take the time to call Jacob Sheehan at (952) 924-6968 and get the expert advice you need to navigate the Cyber Liability Insurance policy and make an informed decision.