Employees Pose the Largest Cyber Security Risk for Businesses

Dilip Barot, founder of Creative Choice Group, talks technology for small businesses and key risks from lawsuits and security breaches.

11-13-15 - Employees Pose the Largest Cyber Security Risk for Businesses

We have all heard the horror stories of computer hacking and cyber-crime. Online hacking and computer breaches continue to hit large retailers like Wal-Mart, Target and Home Depot; tech companies like Apple, and even financial giants like J.P. Morgan Stanley.  In the breach at Target three years ago, it is estimated that personal information for over 110M customers was leaked at large. Based on the current trends it would seem that nobody is safe from cyber-attack.  In fact, a study conducted by Ponemon Institute reported that a staggering 43% of businesses experienced some form of security breach. As a small business owner and property manager of commercial real estate in Florida, Texas and in India, security is a big concern for me.  It is important to understand where there are weaknesses, especially to avoid financial risk and lawsuits.  But more importantly, I want to protect my assets and create a safe environment for my employees, customers, and residents.

I can tell you that having multiple business locations puts more pressure on our team to create secure networks and polices.  From our Etech Global Solutions team in Texas, to Infocity in India, to my local Florida team at Creative Choice Group, we have employees and assets around the globe.  Probably like you I receive sales calls almost daily from companies promoting approaches to create a secure computing environment.  And while technology is important, I was amazed to learn that the primary culprit in data breaches is not a computer program or a virus in the network. In fact, the weak link is people!

According to a recent report in CIO magazine, there are 3 key risks that business owners and managers need to be aware of that are all tied to people.

  1. Disgruntled Employees.  “Internal attacks are one of the biggest threats facing your data and systems,” states Cortney Thompson, CTO of Green House Data. “Rogue employees, especially members of the IT team with knowledge of and access to networks, data centers and admin accounts, can cause serious damage,” he says. Indeed, “there [were] rumors that the Sony hack was not [carried out by] North Korea but [was actually] an inside job.”Experts recommend to mitigate these risks you should actively monitor security access and terminate rights to those employees that are no longer with the company. Allowing a recently fired employee to access sensitive company or customer data is a true threat and one that can be avoided with timely coordination between IT security and HR.  This is especially important when you have large amounts of movement in your employee base, like a call center. Our Etech Global Solutions team has an automated process between our HR/Payroll system and security administrators.  New hires and newly terminated employees are updated almost real-time to create a secure environment for our team and our customers who trust us with their customer records.
  2. Careless Employees. “A careless worker who forgets [his] unlocked iPhone in a taxi is as dangerous as a disgruntled user who maliciously leaks information to a competitor,” says Ray Potter, CEO, SafeLogic.   It is important to train employees on security best practices and to institute strong password requirements.  You should also promote proper guidelines for surfing the web using company assets and ensure employees are not clicking on links in suspicious emails or opening email attachments that may pose a security threat to their employers’ systems and data.  Sounds easy enough but things are not always what they seem.  Being aware is half the battle.
  3. Mobile phone users.  Lastly, data theft is at high vulnerability when employees are using mobile devices [particularly their own] to share data, access company information, or neglect to change mobile passwords,” explains Jason Cook, CTO & vice president of Security, BT Americas. “According to a BT study, mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months.”  It is important to set security guidelines for mobile devices (as well as computers) that may be used to access your company information. Protecting yourself from malware, online predators and scammers is a key to long term success and retaining client confidence.

Take the necessary steps to educate your teams to protect yourself and your clients.  Remember the bad guys could be just a click a-way.  Cyber security is real and it starts with your own people.