The Biggest Hacking Risk? Your Employees
This January, a hacker broke into Ethereum Classic, one of the more popular cryptocurrencies, and began rewriting transaction histories. Until recently, blockchains were considered unhackable, but it’s clear that cybercriminals always find vulnerabilities.
Here’s the lesson: If a blockchain can be hacked, no one is immune to the threat of cybercrime. And businesses are frequently exposed in unexpected ways.
One of the easiest vectors for a cyberattack is employee negligence. Easily avoidable mistakes, such as using the same passwords at home and at work, put company data at risk. According to a report from information security company Shred-it, 47 percent of business leaders attribute data breaches to human error or lost documents or devices. Plus, plenty of data breaches originate from phishing attacks, which means that some employee at the company has to “open the door” to the hacker for the breach to occur.
Because data breaches can incur enormous costs and greatly harm your company’s reputation, it’s imperative to do all you can to prevent them or mitigate the effects if they occur. Often, it’s difficult to know how to discuss this important issue with your team. As you work to prevent employee-related cybercrime at your company, keep these three basic principles in mind to encourage cybersecurity best practices:
1. Keep a finger on the pulse of your workforce.
One of your first lines of defense against cybercrime should be human resources. This department can play a key role in raising employee cybersecurity awareness, as well as educating employees on safety measures.
Just as importantly, HR representatives must be aware that negligence isn’t the only cause for an internal data breach. In fact, a significant number of cybercrimes are inside jobs — at least 22 percent, according to Shred-it’s report — so HR personnel should be on the lookout for disgruntled employees who may be predisposed to participate in cybercrime. Sentiment-monitoring software tools use artificial intelligence to analyze text for emotional cues, and they can alert HR to low engagement or negative emotions that may indicate possible security risks.
2. Hack your system.
One of the best ways to assess your vulnerability is to try to hack into your own systems. This proactive approach, called ethical hacking, will uncover vulnerabilities before cybercriminals can exploit them.
Good ethical hackers don’t just do one pass through your systems. Instead, they continually run through all scenarios and test the newest methods of attack against your defenses, a process known as penetration testing. That’s the only way to remain a step ahead of real threats. A comprehensive scan of your vulnerabilities should include trying to get through to critical systems by duping employees just as cybercriminals would.
As with other IT professionals, ethical hackers should be certified to ensure appropriate experience and credibility. Employ those with certifications from organizations such as InfoSec Institute or EC-Council.
3. Shore up your weak points.
Of course, once you’ve uncovered chinks in your armor, you have to patch them as soon as possible. And you might be surprised about some of the biggest holes in your security.
Consider something as seemingly innocuous as your printers. These can easily be hijacked and sent print jobs, as happened when a hacker named “Weev” was able to access public computers nationwide and print anti-Semitic literature. Kevin Pickhardt, CEO of enterprise print solutions provider Pharos Systems International, explains this danger: “Data-loss prevention solutions put a digital wrapper around a business, but paper can sometimes escape that wrapper. Office printers are not only potential sources of data loss and confidentiality issues, but attack vectors that hackers can exploit.” Be sure to take precautions like secure pull-printing, in which employees can only retrieve their own print jobs with secure credentials.
Employees’ devices can be another weak point for attack, particularly because these devices aren’t standardized or controlled by professionals within your IT department. Fortunately, there’s a simple solution: Invest in a firewall-as-a-service system that will allow your team to use phones securely at work.
Cybersecurity must be a top priority for any company that wants to remain competitive in the years ahead. By looping in HR, working with ethical hackers, and patching the holes you inevitably find, you can stay one step ahead of the cybercriminals bent on hacking your systems at their weakest point — which is often your own employees.