Do you have a firewall protecting your business data? Most companies do. Today, firewalls aren’t enough. Firewalls may protect you from outside threats, but what about inside threats? Research shows there’s a far greater threat from people inside your organization. According to the Ponemon Institute, insiders cost the average organization $16.3 million a year. This is 12 times as much as the damage caused by hackers. Since firewalls can only protect your business from outside threats, you need a strategy to protect your organization from inside threats as well.
Understanding why these internal hacks are happening is the first step in stopping them. Common reasons include malicious intent, personal gain or revenge. Sounds scary, but don’t fret. Research suggests that over 85 percent of insider incidents happen due to human error. For example, an employee may attach the wrong file to an email and share a proprietary file with the wrong people. Another common example is clicking on malware by mistake. Amazingly, 82 percent of these cases are simply due to an unfamiliarity with company security rules.
The easiest way to prevent internal threats is with training and employee screening. This is especially the case for employees using software with restricted access. Training isn’t just about cyber-security and the rules of access. Training also includes potential punishments. By including training on actions taken against those that break security rules, you may even deter insiders with malicious intent to leak data.
Another, perhaps more controversial, way to prevent internal threats is with cyber-security tools. These tools are set up to spy on your employees. Tools look for unwarranted or illegitimate behavior patterns. For example, the unwarranted use of restricted databases.
It is impossible to eliminate all internal threats, but you can greatly reduce the root cause with solid training and restricted access to proprietary data.