The most common internal security breaches - Volume 2

In our last article, we started summarising the most common and most dangerous insider threats for small and medium-sized enterprises (SMEs). We wrote about angry employees with privileged access to company networks, colleagues who surf the internet and download unwanted spying programmes, viruses or other malware, and co-workers who break the law by carrying out illegal activity on company property.

But the threats do not stop there, so we continue our list of the top insider security threats in SMEs with some more potential breaches:

#4: Leaking information

Information can leave a computer in a million ways, and an opportunistic employee is one of them. USB sticks, mobile phones, CD-ROMs and MP3 players can easily be brought into the office, and in the wrong hands they can carry data out of the company's systems. Gigabytes of customer databases, annual reports and payment information can simply walk out the door in someone's pocket.

Companies are advised to buy and use software that can deny requests to write data to portable electronic devices or hardware, to prevent information theft. These programs can specify which devices may be connected to the corporate network and what data can be downloaded. Workers should also be taught why the policies are in place, so that they do not look for ways around the rules and damage the company.

Consider blocking non-work-related web-based e-mail and data storage services, such as personal Gmail or Google Drive accounts. Also monitor who uses the company Wi-Fi and why, and block all unauthorized devices.

#5: Bad habits

Bad habits die hard, right? Worse, they harm the company as well. The trusting nature of employees can be a threat to the company. Why create programs to steal passwords if people will simply tell them to you? Even the best technical systems fail if people share their usernames and passwords with each other at work, because it then becomes impossible to tell who entered the database and took information.

Staff must be trained to understand the risk of sharing passwords and leaking information. Someone might be listening in (especially over the phone or in online conversations), and once they have the information they can remotely access the company system and gather all the data they want for their own purposes.

#6: Inadequate access rights

Curious employees are common. They may open files they should not, probably not because they wish the company harm but simply to satisfy their own curiosity. Making confidential documents available to everybody can lead to gossip about their contents and makes it possible for information to leak to other members of staff, or even to friends and family outside work.

Customer payment information, long-term strategies, finances and other sensitive areas deserve to be properly protected from unwanted attention. Therefore, granting co-workers appropriate rights is always an important step in securing our network.

Document storage systems can usually distinguish each user by their level of clearance and deny access to curious staff members who have no business seeing confidential data.
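The following audit script is an added example, not part of the original article: it lists files in a confidential folder that every local account can reach. It assumes the documents sit on a POSIX file system with classic owner/group/other permission bits; the function name `world_exposed` and the path in the usage comment are illustrative.

```python
import os
import stat
import sys

def world_exposed(root):
    """Return sorted (relative path, finding) pairs for files under root that
    every local account can reach through the 'other' permission bits."""
    findings = []
    # Assumption: the directories above root are traversable by everyone.
    if not os.stat(root).st_mode & stat.S_IXOTH:
        return findings  # 'other' users cannot even enter the tree
    for dirpath, dirnames, filenames in os.walk(root):
        # Descend only into real directories that 'other' users can traverse;
        # a file below a closed directory is not reachable whatever its own mode.
        open_dirs = []
        for name in dirnames:
            mode = os.lstat(os.path.join(dirpath, name)).st_mode
            if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
                open_dirs.append(name)
        dirnames[:] = open_dirs
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets and device nodes
            rel = os.path.relpath(path, root)
            if mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit.py /path/to/confidential/share  (path is an example)
    for rel, finding in world_exposed(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{finding:15} {rel}")
```

An empty result means no file in the tree is open to all accounts; it says nothing about group membership, which still has to be reviewed against who actually needs the documents.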

Besides these major issues, there are of course some other minor inconveniences that can be fixed with a few simple steps:

First of all, always require frequent password changes (e.g. every 3 months) from your employees, as this helps to prevent information leaks and unauthorized entry to the system. Also, try to minimize outside technical infrastructure, and limit the electronic devices that can be carried onto company property. It is strongly recommended to teach employees to always lock their computer when they leave their desks, because others might access the device or take something from it while it is unattended.

Internal security breaches can cause a lot of harm to the company and make life difficult for both the employer and the employee. Always make sure to use the most up-to-date software for protecting the firm's intellectual property, and help co-workers understand why the security measures are needed.