Did you know that in 2016, IBM found that 60% of all cyber attacks were carried out by insiders? Of these three quarters were due to malicious intent, and one fourth due to negligence or error.
As you look to how you should secure your IT environment as a whole, there are two main questions you should ask:
Ultimately, it’s not the people in your organization who are the least reliable that you should be concerned about. Instead, you should focus on the work employees do, the technology they use, and the data they’re responsible for—data that would be appealing targets for hackers and cybercriminals.
The following are the three departments that experts suggest you focus on:
The IT Department
IT staff often possess greater access rights than do other departments. They have access to business-critical data through the IT systems they manage and control. This makes them a prime target for cybercriminals. According to the 2017 Balabit Report, 35% of IT professionals consider themselves as the biggest security risk to their organization.
Your financial department poses a risk because of the large sums of money they handle. They are often targets of phishing attacks where criminals try to get them to transfer large sums of money, and bypass normal accounts-payable procedures and controls. Unfortunately, not all employees who have access to funds are up-to-speed on these fake payment requests. It’s important that they are taught to maintain rigid purchasing processes. A simple call or email can expose your company to theft.
Your CEO, CTO, and other top executives are always on the go and require access to 100% your company’s information and data. A mobile workforce is the trend of the future, and company leaders have been working from remote locations and off-site meetings for years now. However, 93% of tech leaders surveyed said they were concerned about the security challenges presented by a growing mobile workforce.
As a small business owner, your focus may not be identical to the departments described above. Simply think of the places where data and money are transacted, and what networks those workers are most often connected to.
To mitigate these risks, be sure to implement the following strategies in your workplace.
The Better Business Bureau has a great list of starting points if you’re looking for a checklist. If there’s no one individual who can lead the implementation of these strategies, consider contacting your IT provider to for assistance and training.