These days, security professionals must be highly vigilant against the many threats that place their organizations at risk on a daily basis. And while hackers certainly show up high on the list, the truth of the matter is that the people who work within your company pose the greatest risk to data security. That’s why things like spear phishing have become such a successful method of entry. In fact, 80 percent of companies say that “end user carelessness” is the biggest security threat to their organization.
But the people making your company most vulnerable to potential breaches aren’t poorly trained entry-level employees. They’re your senior-level managers. Surprised? Many are. Yet, if you think about it, these individuals have access to information that is much more sensitive than that of the everyday employee. So, it stands to reason that the chance of an error resulting in a breach is naturally higher for this group.
And the numbers seem to support this theory. 58 percent of senior managers have accidentally sent sensitive information to the wrong person (compared to just 25 percent of workers overall). 51 percent have taken files with them after leaving a job – twice as many as office workers in general.
What are the biggest security risks these insiders pose? Most tend to fall within one or more of the following:
- Reusing or sharing passwords with others
- Leaving computers unattended outside of the workplace
- Failing to delete data from computers once it’s no longer necessary
- Carrying unnecessary sensitive data on a device (laptop, tablet, smartphone, etc.) while traveling
- Using unsecured personal devices to process sensitive information
- Failing to encrypt information when transmitting it
So, what’s the solution? Well, the best approach should be multifaceted. Here’s a list of recommended actions:
- Develop and establish a written security policy
- Communicate that policy openly and regularly to ensure awareness across all levels of the company
- Ensure appropriate access restriction to sensitive data (virtual and physical)
- Conduct regular training to increase security awareness about what is and isn’t acceptable (start from the top!)
Last, but certainly not least, you should invest in available technology. This includes monitoring systems, alerting programs and automated cybersecurity incident response. These tools will ensure that, should an employee still make an error, it will be detected, addressed and remediated as quickly as possible.