Running a business of any kind, no matter what sort of industry you’re in, means that you’ll be faced with all kinds of risks and threats that you need to consider and prepare for… and unfortunately, while hacks and attacks are perhaps more common incidents that a company will have to face, there is still an inherent risk that someone from within your business will behave in such a way as to cause serious harm - whether they mean to or not.
That’s why it’s so essential to prioritise insider threat awareness training so you know how to identify these risks and so you know how to react if something along these lines does come up.
Because your staff members have constant access to your networks and systems, they can in fact cause a lot more potential damage than anyone trying to bring you down from the outside through negligence or lack of awareness.
And in the days of GDPR and the possibility of being hit with serious fines for data breaches and leaks, it’s vital that you do all you can to address this concern head on.
As such, you need to make sure that you focus on training up all staff members so they’re aware of security issues so that everyone knows what they need to do and what their responsibilities are.
You can improve your security awareness by taking the lead and pushing for change within your operations, so make sure you embed this in your recruitment and training processes, as well as through ongoing professional development at each stage of people’s careers.
And, of course, you need to make sure that who you’re recruiting, hiring and working with are above board and honest, which can often be easier said than done.
Recent research from Accenture found that 18 per cent of health employees in the US would be willing sell confidential data to unauthorised parties for as little as between £500 and £1,000.
And those from provider organisations were more likely than those in payer organisations to sell confidential data, including login credentials, downloading data to portable hard drives and installing tracking software.
And Centrify has also just revealed that the majority of IT decision makers are not currently prioritising privileged access management practices at work, even though they’re aware that privileged credential abuse is involved somewhere in nearly three out of every four breaches that take place.
This particular survey showed that 60 per cent of UK companies don’t have a password vault, 58 per cent still share root or privileged access to systems and data somewhat often at least, and 70 per cent admit they typically take more than one day to shut off privileged access for people leaving the company.
Taking a course to help you identify insider threats could prove especially useful at this time, looking at social engineering tactics and opportunities to help you detect deception and think about the motivation of insiders and the risks they pose to your company. Get in touch with us today if you’d like to find out more.