
The Biggest Threat to Your Network’s Security Isn’t What You Think it Is

Published on 31 July 13


Viruses, hacking, phishing schemes. When you ask any IT security professional what the greatest threats to a corporate network are, you probably expect to hear them mention those common dangers.


There’s no denying threats from malevolent cyber criminals are real and a cause for concern. Every minute of every day, criminals are looking for ways to steal data – your data – for profit. However, the greatest threat to your network and data security is not a nefarious hacker working in a shadowy basement in a foreign country; it’s the people right in your building.


“Take This Job and …”


According to security experts, the greatest threat to any network is its employees: specifically, rogue employees who deliberately ignore security protocols, and employees who simply do not understand the security rules or who unknowingly engage in risky behavior. In fact, according to a recent survey, more than 40 percent of IT security professionals believe such employees are the biggest risk to network security.


Imagine this scenario: An employee receives an email that appears to come from a vice president in the organization, asking her to click on a link to confirm some information. She clicks the link, immediately allowing malware to infect her machine and others in the company. Before anyone realizes what happened, criminals have access to the heart of the company – and begin culling information to sell to a competitor.


Perhaps an employee leaves the company, taking with him the smartphone he used for work. Although he wasn’t technically supposed to use a personal device for work purposes, he ignored the policy because it was more convenient. But weeks after he leaves, his phone is stolen – and the thieves now have unencumbered access to your company’s network, thanks to the automatic logins and lax security protocols.


While you may think “This could never happen to us – we have virus protection, and a mobile device management plan,” such occurrences are commonplace in today’s connected world. Even though the majority of breaches aren’t deliberately caused by employees or former employees (although some are directly instigated by disgruntled employees who wish to retaliate against an employer), the effect is the same: Your employees are putting your data at risk.


Policies, Procedures and Passwords


Because the greatest threat comes from within your organization, your security protocols must address internal threats as well as external threats. Using external threat protection that relies on data mining to identify new and emergent threats and stop them from attacking your network is certainly important, but so are internal policies and procedures that both educate employees and prevent them from even inadvertently causing a security breach.


Specifically, your threat protection plan should:


Limit administrator access. Security experts note a marked increase in security breaches caused by employees with administrator-level credentials. Only allow employees to access networks and data they absolutely need, and have a policy in place to remove administrator privileges when an employee leaves the company or full access is no longer vital.


Education. Incidents of phishing, in which employees receive messages via email or social media that appear to come from a trusted source but actually contain malware, are on the rise – specifically socially engineered or spear-phishing attacks, in which a specific employee or organization is targeted using publicly available information. Employees need to be taught how to recognize and handle such messages, as well as other strategies and information to protect data. Providing regular updates on new threats and what to do when a breach is suspected can go a long way toward preventing problems.


Manage mobile devices. Many companies are shifting to a BYOD environment and allowing employees to use their mobile devices to connect to corporate networks, but without a solid security and management plan, such a policy has the potential to wreak havoc on your data security. All devices accessing the corporate network should be equipped with security management software. Your company needs a written policy outlining acceptable use of mobile devices. The policy should, at minimum, cover how a device can be used, establish minimum security standards and outline what will happen if the device is lost or stolen or the employee leaves the company.


While employees present a threat to your corporate networks, the vast majority of employees do not want to cause a massive data breach or other security problem. But given that the risks are real, and a breach can lead to millions of dollars in expenses and lost time, it’s vital your company develops a plan to mitigate the threat of rogue employees.















This blog is listed under Networks & IT Infrastructure and IT Security & Architecture Community
