The U.S Chamber of Commerce estimates that an employee is 15 times more likely to steal from a company than a non-employee. Furthermore, the economic damages to this employee theft is estimated to be in the range of 20 – 40 billion dollars per annum. So it may seem counter-intuitive, and it may be hard to accept, particularly if you want to see your staff as one big happy family, but the truth is that your own employees are more of a threat than outside assailants. Here we’ll be talking about five employee specific security vulnerabilities. Three accidental, and two deliberate.
Accidental Vulnerabilities
Bring Your Own Device: Most of us have our own laptops and smart phones, and most of us want to use our personal devices for work. After all, who wants to work like we did in the old days, when we had one phone for work and one phone for pleasure? Or have to remember which file was on which computer when we wanted to work from home? It’s much easier to use the same device for home and work, right? Not if you’re an IT professional concerned about cyber-security.
When you think “convenience,” the IT Professional thinks “increased number of unknown attack vectors”. You’re introducing new tech that may or may not work well with the current cyber-security infrastructure, plus potentially compromising corporate security by using your personal laptop (which is likely much less secure than your work computer)
Social Engineering
The human element is always the least secure aspect of any system. This is most commonly exploited through something called “Social Engineering” or “Human Hacking”. Social Engineering is when someone is socially charmed or pressured into sharing company data or login credentials. Sometimes the Social Engineer is so skilled that the employee doesn’t even realize that they have been played.
Phishing
This is a specific type of Social Engineering attack which deserves it’s own mention. Phishing is when an employee receives an email from what appears to be someone within the company, or from a corporate partner, that is actually from a malicious outside source. The attacker, knowing that the computer systems are too advanced to hack will reach out to employees posing as someone else in order to get access to sensitive information. These kinds of attacks have a 45% success rate, even on incredibly intelligent employees.
Papers in Briefcase
This is the lowest tech, and also most common form of data theft in knowledge work. This is where employees simple place some sensitive documents into their briefcase and take them home with them to sell to a rival competitor. In recent years this has largely been replaced with copying files to a portable drive, however, the principles remain the same. Having someone on the inside saves the step of having to actually infiltrate the network
Bribery
This is when one of your employees is approached by an outside party to steal sensitive information or to provide network login credentials. This is often much cheaper for the malicious party, as bribing a disgruntled employee is much cheaper than hiring a hacker or social engineer to discreetly steal the information.
You can do everything in your power to protect yourselves from outside threats, however, always be mindful of the internal threat.
WinMagic – Your Trusted Source for Data Encryption Solutions
Are you looking for ways to safeguard your company’s most valuable asset? Contact WinMagic today at 1-888-879-5879. WinMagic has been helping customers secure data through encryption since 1997.
Our products have won several awards, and we have five million clients in over 80 countries. Find out how our network security solutions can work for you and your business by speaking with a customer service representative.
