Recent studies by IBM have shown that 60% of all attacks carried out on businesses were carried out by employees. This is especially dangerous because the attacks come from within trusted internal systems, which makes them difficult for protection technologies to detect. So, how can you defend your clients from internal security threats?
Where do the threats come from?
Human error accounts for a large majority of vulnerabilities within companies, and usually trusted employees or staff are to blame. This is often the result of insecure home systems, misaddressed emails or simple mistakes, many of which can easily turn into a breach of security. Other security threats, such as phishing, trick employees into releasing information in breach of security. It also isn’t uncommon for employees to maliciously steal sensitive data with the intent of leaking or selling it to sources outside of the business.
The risks of remote networking
Remote working is a great money-saving measure for a business, but in order to allow your staff to access the resources they need from home, you need to grant remote access into your network. This introduces a new range of risks into the business, as cyber-criminals can use the more vulnerable home computers as a gateway into your otherwise secure network. This makes guaranteeing the security of your network much harder and introduces gaps and weaknesses into your security. Lost devices are another factor you have to consider with remote networking: if any device with access into the network or confidential data is lost, it can put potentially devastating information into the hands of a cyber-criminal. If these devices are not sufficiently protected, anyone who finds a lost device has access to your most sensitive information.
Security attacks and breaches can have a range of effects on a business. The impact is not always obvious or immediate; it can take months for the real effects of a breach to appear. While the intentions of an attack or breach can vary, there are two main areas of consequence: financial and reputational.
Your clients may suffer financially following a security breach. In the UK, the Information Commissioner’s Office can impose fines of up to £500,000 on the company for not complying with security standards, depending on the severity of the data breach. Under the EU’s General Data Protection Regulation, fines of £100 million can be handed out if the breach is judged severe enough.
The business’s reputation is also at stake: consumers lose faith in the business, which makes it difficult to attract new customers. In recent years there have been a number of high-profile security breaches which have drastically impacted brand loyalty.
Preventing future threats
Education and training go a long way in preventing security breaches by those authorised to access your clients’ data. If users are educated about how they can avoid phishing and scams, then they are less likely to accidentally reveal sensitive data.
Implementing layers of security systems and regularly updating them can make your clients’ data more secure and reduce the number of gaps or risks within their system. Making sure that employees at different levels only have access to the information that they need can reduce internal security threats.
How can we help?
At Marathon Professional Services we offer a business risk assessment, impact analysis, data access review, vulnerability assessments, penetration testing and more to help you feel more confident in your security.
Find out more by visiting our website here or by calling us today on 020 8329 1000.