Lost amidst the recent avalanche of news concerning data breaches, system insecurities, and other external cyberattacks was a joint Department of Homeland Security/FBI alert about insider digital retaliation. Such retaliation is defined as the destruction of data, theft of proprietary software, removal of customer information, restriction of access, and/or extortion by disgruntled current or former employees, and federal agents say such instances have spiked lately.
How are such acts carried out? The unauthorized exchange of business information and other protected data via mobile devices and cloud storage websites is the most common way employees skirt the rules. But violations of company policy also include conducting illicit business through personal email and creating backdoor points of access so that technical or IT employees can exploit your business for financial or professional gain.
While the FBI’s report didn’t provide data on how many businesses have had their systems compromised or disrupted by insider attacks, the agency did say that “a review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees.” Clearly, the impacts of such attacks are serious.
Of course, it isn’t just disgruntled workers who can affect your business; sometimes even the happiest employees will inadvertently let their guard down. IT providers like CMIT Solutions provide clients with the best security in the world, but when an employee opens a malicious email, clicks on an infected attachment, or unwittingly violates usage policies by downloading unapproved apps or using unsecured cloud services, even the strongest defenses can crumble.
What can you do to keep your business safe? To prevent any unfortunate situations that may arise from disgruntled employees, consider the following tasks:
- Conduct regular reviews of employee access and remove any login not necessary to perform regular daily duties
- Deactivate all logins and wipe all mobile devices associated with an employee or contractor immediately after termination
- Immediately update administrative passwords to servers and networks any time an IT employee is let go
- Encourage other employees to change their login information regularly
- Maintain remote, off-site, daily updated backups, and always keep the door to your server room locked

Other methods to maintain system integrity and network security for your business include the following, all of which should be outlined to employees on a regular basis, either by you or your IT service provider:
- Do not open ANY email if you don’t recognize the sender
- Hover over ANY link and review footers and web addresses before clicking on ANYTHING in an unfamiliar email
- Never open ANY attachment from ANY sender you don’t recognize
- Publish a clear and concise data security policy that ALL employees understand and are required to sign
- If you notice system hang-ups like intermittent spinning circles, an inability to open documents, text files titled with the word “decryption,” or other irregularities, stop using your computer immediately, disconnect it from the network, and contact your IT service provider

Early detection and timely reporting of suspicious computer behavior are critical to successfully eradicating system threats. And understanding the role that employees (both happy ones and potentially disgruntled ones) play in IT security is equally important.
CMIT Solutions is committed to making technology work for your business, not against it — and such success starts with the people in your office using that technology day in and day out. Contact us now if you need help assessing your business’ level of employee security and devising strategies to maintain it in the long term.