These days, it seems most people have a security story. Viruses, malware, hackers, ransomware, all of it is more prevalent than ever before. So, with the increasing number of outsider threats to an organization, the findings in a BetaNews report published last year may surprise you. Do you know what the 187 cybersecurity professionals named as the most overlooked security threat in enterprises today?
Insider threat and uneducated users.
That is right, and over half of the interviewees agreed. Although sometimes the activity of insiders may be malicious, often it is because end users are just trying to get their job done and don't understand how risky their behavior is to the organization.
- An end user is working late and needs something to get their job done. Instead of waiting for IT, they download it off the internet so they can meet a deadline. Downloading something unverified or from an untrusted or unknown source whether from the internet or an email can cause big trouble, especially if they are connected to the network.
- Headed out of town for an extended weekend, an end user emails a sensitive document to themselves in case they need it while they are OOF. They get a call from their boss and connect at a local coffee shop to open the file and get her an answer. Connecting from an unsecured network could give even an unsophisticated hacker access to that data.
- What about sharing the joy of their new dog, "Daisy". Or sharing their 5 year wedding anniversary on social media? While it is their right to share personal information publicly, this can make it easy for a hacker to decipher their passwords and access their accounts. That's right "Daisy2013" is not a strong password, so sharing password best practices with your team is important.
The point is, that even activities that seem harmless could be the access point for malicious activity and these "small" oversights are costing organizations big money.
A Ponemon Institute published a report based on interviews with 280 IT and cybersecurity practitioners at 54 U.S. enterprises, each with 1,000 or more employees. Each of those enterprises experienced “one or more material events caused by an insider” during the 12 months immediately preceding the survey.
The average cost per negligent employee/contractor incident? $206,933.00 USD. Ouch!
In looking at the security policies and procedures in your organization, do you have anything that is focused on the education of your end users? If not, it is time to start.
To help we have created Your Ultimate Checklist for End User Security. Print it out, put it on the desk of every employee, hang it in the break room, or send it out in your next company newsletter. Or, If you have company specific policies, use this list as a starting point and add your own. Regardless of how you decide to approach security education, the time to start is now. Remember, your security defense is only as strong as your weakest link.