The inside job: How hackers are stealing data from within

Is-your-company-safe-from-internal-threats_459_40107048_0_14123204_300-300x200Data breaches have a pretty specific public perception these days. Media focus on cyber attacks resulting in the loss of private information has led many to believe that outside hackers are the only way companies can lose control over their data. While these events obviously need to be taken seriously, recent Trend Micro research has found that only one quarter of breaches can be linked to cyber criminals.

Many companies ignore the possibility of internal employees being responsible for the loss of private information. It can be hard to scrutinize the people working daily to build up your organization, but data breaches coming from inside the business aren’t something to be taken lightly.

Many employees willing to sell information

While every employer would like to believe that their workers can be trusted, the sad reality of the situation is that some staff members are ready to sell company data for personal profit. In fact, a recent study conducted by Clearswift highlighted the danger many businesses face when trusting their employees with highly-sensitive information.

The report states that around 35 percent of workers would sell private company data if someone offered them the right price. While that number should certainly be alarming to any administrator, the truly frightening part of the report came from how little some people are willing to accept in order to betray their employer.

The study found that around 3 percent of employees would give up this information for only $155. Although 3 percent certainly isn’t a large portion of your workers, this part of the report highlights just how dangerous it is to let every single employee have access to sensitive information.

Sometimes it’s just naivety

Even though there are clearly employees at every organization willing to sell company information to the highest bidder, simple greed isn’t the only cause of internal data breaches. Many times, private data can be exposed simply because an employee doesn’t know the dangers of a certain action.

Take, for instance, the test that was conducted by the U.S. Department of Homeland Security. Officials from the agency went around to multiple governmental buildings and placed flash drives in the parking lots near employee vehicles. The object here was to see how many workers would find the flash drives and plug them into their work computers, thereby risking the safety of their building’s private internal network.

What the agency found was shocking. Around 60 percent of employees went right ahead and connected the devices into their computers without even considering that these flash drives could contain malware. That statistic is high enough as it is, but apparently putting an official company logo on the side of the flash drive increased plug-in rates to 90 percent.

What this shows is that internal leaks don’t have to be the result of greed or disrespect for company administrators. In many cases involving data breaches coming from inside the organization, simple ignorance to proper cyber security best practices is all it takes.

What can company administrators do?

Although this has been something of a bleak look at the employer-employee relationship, it’s important to note that it’s not all bad. The majority of workers are good, trustworthy people that also know how to avoid mistakes of naivety. That being said, company administrators do need to worry about the minority of staff members that would cause a data breach for one reason or another.

Thankfully, there are some pretty easy steps officials can follow to avoid cyber crime.

  1. First, employers need to sit down and have an honest discussion with their workers about cyber security and how to avoid cyber threats. Many employees simply don’t understand the risks of plugging in unknown flash drives, and as such administrators need to have a comprehensive conversation that underlines what should and should not be done in the workplace.
  2. After this, Trend Micro recommends that employers limit the number of people with admin privileges to only those that absolutely need these abilities on a regular basis. While this might slow operations up a bit, it’s an absolutely necessary step. Figuring out who’s responsible in the wake of a data breach is hard enough, but doing so with a multitude of employees with admin privileges is an absolute nightmare.
  3. Finally, administrators should look into cyber security software. As stated above, human error is a big part of workplace mistakes, and as such it’s a lot easier to leave certain duties to mechanical minds. The Interscan Web Security Virtual Appliance service provided by Trend Micro allows administrators to manage live web use across the company. This allows officials to keep tabs on who is doing what, thereby letting them make sure workers aren’t getting ready to sell sensitive data.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.