The most common internal security breaches - Volume 1

Criminal attacks might happen to a company from outside sources, or from the inside. Most of the time employees pose a great risk and raise the likelihood of a cyber-attack by their daily routines. Small and medium-sized enterprises (SMEs) are especially vulnerable to these IT security breaches, as they may lack sophisticated methods and monitoring systems used by large corporates.  Also in some cases, they may lack the understanding of nature of incoming threats.

Therefore, today we are going to talk about top inside security threats in SME-s:

#1: The employees

An unsatisfied employee is never a good sign. However, when the system administrator is unsatisfied, that can cause way more trouble for the company. System administrators or IT staff usually have privileged system access to the company network, and this access can open backdoor communications in computers, or leave programs behind to steal information or wreck the system. There have been infamous cases of IT staff breaches before, one was connected to Unix logic bombs and the investment bank of UBS. The damage costs were over 3 million dollars back in 2006. The reason for the attack? Some say, the responsible IT member felt like his bonus was way below of what he deserved, and after he quit he left a parting gift for the company in the form of a malware program. So, always respect your professionals.

The best way to protect the company against these attacks is to monitor employees and be alert of anyone who might abuse their positions. Also, revoke all network access and passwords as soon as employees leave the company to avoid remotely accessing the system.

#2: The DLC-s

As far as video games go, DLC-s are usually fun. But other downloaded contents (DLCs) can mean a great risk of security threat when they are introduced in a company network system. Some reports say that the average SME employee surfs the internet for approximately hour during work time: looking at videos, sharing files online, playing games or using social media. This means an additional cost for the company, but worst of all it is also an open invitation for security threats to happen. When employees search the web, they might be unaware that there is a great possibility for downloading viruses and malware to the company computers or running into unwanted JavaScripts on websites.

It is very easy to hide a rootkit in a game or video clip, and the average user might not notice anything extraordinary, not even after the dangerous content has been downloaded to the computer.

So, always make sure to update and patch the IT system, and educate your colleagues about the dangers of wandering around the internet during work hours. Also, scan your system as often as possible, and buy that high-quality antivirus software, even if it means a little extra cost to you. In addition, it can be useful to block some websites, video content and online gaming from the company network.

#3: Illegal activities

Remember, as an employer you are responsible for what your employees do on their office computers. Not long-ago US-based Citibank was sued for 2 million dollars when it turned out that employees downloaded porn from the internet using the company’s infrastructure system.

There have been other cases when employees were caught selling drugs online, or doing other illegal activities on their company assets, which lead not only to a massive case of firing people but also to a huge number of legal trials, carried out against the companies these people were working for.

Always be prepared for these incidents, and protect yourself by monitoring the network closely with some special software that can check internet traffic, or alert when certain keywords are used in the system. Also block certain websites and activities completely.

Consider crafting a mandatory company policy as well, which highlights employees' responsibility for network security, and make sure it is signed by each and every co-worker.

There are a great number of other threats that can influence your work environment and the welfare of your company, and we just introduced you to the most common ones. In our next article we will return with the second part of the topic, and share some other warnings and tips on how to avoid inside security breaches and possible scandals in your SME, so make sure to check back to us.

Read more