The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 3: Getting Down to Brass Tacks

“We have met the enemy and he is us.” – Pogo

Review

Our last two blog posts have focused on revealing the greatest threat to your company’s security. The first cited a 2018 report published by PricewaterhouseCoopers that indicated cyber threats to the security of company data are continuing to increase and that employees are the top sources of security incidents. The second shared the finding that “100% of government entities see their own employees as the biggest threat to security.”

This week we wrap up the series by getting ‘down to the brass tacks’ of the best practices you can implement to minimize the greatest threat to your company’s security.

Respond

Myrtle Beach Data Loss PreventionKnowledge is power only if we use it. Now that we are aware that the greatest weakness in our systems appears to be the users, how we respond to that knowledge is key to protecting your data. Here are a few recommendations for your business.

  • Establish policies that define usage rights and responsibilities.
  • Develop a training program. The program should be formal and documented. Each module of the program should be comprehensive and comprehendible.
  • Start at the beginning. Include employee security awareness and expectations when onboarding new employees. Include computer use policies and cybersecurity awareness and practices as an essential part of employment.
  • Train continuously. Avoid falling into the “one-and-done” trap so common in business training. People to not retain everything they learn. Remind, review, and update training continuously.
  • Put employees to the test. Some companies have gone on phishing excursions. The company creates and sends “fake phishing” emails to employees to see who, if any, responds to them. Use the results to coach those employees and, discreetly, use their cases as examples during employee training.
  • Evaluate employee security performance. Cybersecurity has become an important and essential part of your business. It should, therefore, become an important part of the regular employee evaluation process.
  • Raise awareness of new threats. Stay abreast of new cybersecurity concerns as they arise. Communicate those dangers to your employees. Add the new threats to your cybersecurity training.
  • Reward employee performance and compliance. When employees spot a potential security issue, recognize their contribution. Do the same when they “pass” phishing tests or demonstrate an exemplary approach to their use of your technology.
  • Don’t expect perfection. Yes, after all, we are human. That is what makes employees the biggest threat to your company’s cybersecurity. An occasional reminder that you, too, are human is always helpful. The mistake that is made could be yours.
  • Always err on the side of caution. Need we say more?

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 2

OOPS!

Oops! That’s the word you never want to hear from your barber, your surgeon, or your pilot.

Business owners are beginning to realize that it is not what they want to hear from any employee working at a company-owned computer – or a BYOD computer linked to the company system.

Last week, we shared some statistics that indicate that company employees may be the biggest threat to your digital data (click here for part 1). To underscore that foundation, we were stunned by one of the findings of a Netwrix 2017 IT Risks Report of government agencies:

“100% of government entities see their own employees as the biggest threat to security.”

Think about that for a minute. Not malware, not data breaches, not hackers, but employees.

The attacks may come from the outside, but the biggest threats are the employees on the inside. In fact, the report also revealed that 57% of actual security incidents among those agencies in 2016 we attributable to employee human error.

computer errorBefore taking comfort in “only 57%,” the remaining 43% had their root cause in “insider misuse.” In this case, insider means “employee.”

Obviously, we are trying to make a point here. It is not that you should consider your employees to be ill-intentioned culprits. It is that you should understand the reality that, although they are probably not the attackers, they are the actors via which attackers gain access.

ICU

Before we share some of the finer details and proven ways to protect your technology from damage by your own personnel, which we shall do next week, we want to emphasize and re-emphasize that the essentially cornerstone of security protection for your technology is having an ICU approach. Perhaps we should say an “I see you” approach.

We are talking about an approach in which activity is monitored for the ability to identify aberrations that typically point to security issues and better position your company to handle the potential threats to your systems.

SPY

Secure and Protect Your Technology

Other than the logistical and operational issues we will discuss in the next article, there are two important obstacles that business leaders must foresee prior to making a bona fide commitment to protecting your technology.

1.   The rapid advance of digital technology is not going to stop or slow down to wait for you to catch up or keep pace.

2.   Some employees will perceive monitoring as a violation of their rights.

In Daniel Boone’s day, advancing pioneers secured a position then developed their operational resources within. Today, new resources are coming at us at a furious pace that security often follows rather than leads. If you are going to commit to advancing technology, you must commit to guarding it.

Employees (those people whom government agencies see as their biggest security threat) must be groomed to understand that it is not their activity that must be protected. It is your data. And it is your digital technology. Reasoning to the next level, savvy employers must change to employee paradigm in such a way that they become protectors of your security rather than perpetrators of OOPS moments that could bring your business to its knees.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency. The next step is raising your employees’ awareness.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell

The Greatest Threat to Your Company’s Data And, How to Minimize It – Part 1

Yep! That’s one of them.

Surprise!

It’s not hackers and scammers who are the biggest threat to your company’s data security. It’s your employees. And it’s not just because they haven’t learned to keep their coffee away from their keyboard. That’s so late last century.

Speaking of last century, the employee culture then and now are almost polar-opposites. In the 1990s most office staff were unfamiliar with PCs. They were on a learning curve of which the leading edge was the fear of doing something wrong. God forbid that they should do anything that would cause a mistake or to “mash a key” that would create a data error.

Nearing the end of the second decade of the 21st century, the workforce is replete with older employees who have long ago learned the ropes and the next generation that knows no fear. Employees whose first words were “momma, digital, and daddy,” have replaced the retirees who had learned just enough to get by before they got their gold watch (or their pink slip).

The bigger problems today are complacency, carelessness, curiosity, and the occasional class clown. Every research report we have read agrees that the overwhelming majority of data breached can be traced directly to employee negligence. For example,

  • An IBM report indicated that 60% of the cyber-issues reported were caused by insiders.
  • A government survey reported that 57% of cybersecurity incidents were caused by human error.
  • A 2018 PwC report indicated that cyber threats to the security of company date are continuing to increase and that employees are the top sources of security incidents.

Should You Be Worried?

That depends. If you think that your employees are so special that your company is exempt from the reported realities, the answer is yes.

On the other hand, if you take the potential loss or corruption of your business data seriously, and you are willing to take some reasonable steps that will help to ensure that you can reduce the insider threats to your digital technology, the answer is still yes. But you should be able to worry a lot less.

What Should You Do?

We could spend an entire article offering best practices and guidance for guarding your technology in house. That’s what we will do in our next post. Sure, we could do list them here, but we’re going to limit this article to the first and most significant step a business owner must take.

It all depends upon you.

That’s right. The only way to reduce insider threats – malicious, mischievous, or mistakes – is for ownership to make protection of data and technology a priority for your business.

Next week we’ll share some proven ways to protect your technology from damage by your own personnel.

You don’t have to be a techie or a geek or understand all the ins and outs of cyberspace. We are here to help you guard your technology. The first step is raising your awareness of the need before the need becomes an emergency.

We are as concerned about your technology security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

Joe Thibodeau
Tech Sentries Inc
2105 Leopold Street
Johns Island, SC 29455
843-282-2222 Office/Fax
843-902-6885 Cell