While cyber criminals receive a lot of attention and generate headlines, the threat coming from within an organization, whether malicious or not, may be greater.

Employees and contractors that are provided access to a company’s network infrastructure without proper risk management training, can have a significant risk to businesses.  Many cyber-security breaches are due to employees having no knowledge of security risks.  Some of these breaches may include accidentally posting sensitive information on the company’s website, emailing restricted information to the wrong email address or improperly disposing of confidential records.

Most cyber-attacks occur due to an employee providing their credentials to hackers.  Cyber criminals will take advantage of employees who are unaware of phishing techniques through forms on fake websites or links infected with malware.

Best Practices

To safeguard a network, the company needs to

  • Identify potential vulnerabilities through a company-wide risk assessment.
  • Company leaders should know what data needs to be protected, where the data resides on the network and who has access to the data.
  • Once sensitive data is identified, access should only be given to the vetted employees who knows the security protocols.
  • When hiring technical employees or contractors, companies should hire a third party security service to conduct a comprehensive background check before those employees are given clearance to work on the company’s infrastructure.
  • Frequent training should be offered to remind employees about cyber-security risks and security protocols.

Maintaining data security requires constant monitoring and vigilance.