[BreachExchange] Corporate employees are your worst IT risk
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Jun 17 16:24:52 EDT 2016
http://itbusinessnet.com/article/Corporate-employees-are-your-worst-IT-risk-4458552
When it comes to balancing productivity and data security, business owners
are dealing with a dilemma. Do you improve access or do you protect your
corporate assets?
This issue is a reflection of our world today. Should we open our borders
or should we put up a wall? Should we negotiate with Cuba or should we keep
up the embargo?
In reality, the answer for politicians and upper management like yourself
lies somewhere in between.
Getting down to business, the nightmare for management typically sits
behind your desks. These rogue users include everyone from that new
marketing hot-shot you hired to your co-founder who you've stuck with
through thick and thin.
The bottom line is that more than 63% of business threats come from inside
your organization. This could be due to laziness, non-secure procedures or
even foolishness.
On one hand, you have Shadow IT risks, where over 15 percent of files in
the cloud contain sensitive data and 92 percent of companies have cloud
credentials for sale on the dark web. On the other hand, social engineering
attacks leave your data and financial resources at risk. In fact, the
average cost of a data breach was $3.8 million dollars in 2015.
Astonishing. What's the genesis of these threats? The people lurking within
your office.
But is it fair to call your closest confidants the threat? These are the
people who drive productivity. These are the individuals who impact the
bottom line. Whether marketing, accounting or sales, these are the folks
who are approaching problems creatively and driving the business. Why
should you slow them down?
Maybe the real problem stems from the gatekeepers, specifically your data
nerds and technologists. From the help desk to the CIO, they could be
letting you down. Why aren't they implementing the hybrid technologies that
give your team the tools they need to send sensitive files to folks inside
and outside your company?
Technologies like hybrid cloud storage help because they take your storage
and add compliance features and accessibility enhancements, like
versioning. That means if your new marketer accidentally downloads the
crypto virus, you can roll back your data. That means IT can see where
their files are and what activity surrounds them. For example, if your CFO
sends a spreadsheet with payment data across the globe, you can delete that
shared link and look at audit data around the files to look for a "security
incident."
But instead of an easy tool like the hybrid cloud, your employees use their
personal email or Dropbox account because "it's just easier" and it has
bigger attachment size limits. IT hasn't delivered suitable technology that
balances security and access for the employee. If the employee is the
problem solver, then IT must be the main obstacle! Well, that's debatable...
Think about it, did you tell these employees they couldn't use their
Dropbox account or personal email? Did you educate them on phishing tactics
during a lunch-and-learn? Is all this in an employee-signed policy
somewhere? Did you tell IT to go with a less user-friendly solution because
it saved the bottom line?
Your nightmare doesn't start with someone sitting in a cubicle, it starts
with you. They've just followed your direction. Look in the mirror, you're
the leading rogue user that could bring your company to a crumbling digital
heap.
Ultimately, rogue users originate from a cultural issue, which begins with
management and culture. Employees are trying to get around obstacles and
collaborate with people inside and outside the organization. IT is trying
to keep everyone happy, the company safe, end-users satisfied and the
budget in the black.
As upper management, you set the cultural tone. You need to tell IT to find
the right secure file management technologies to revolutionize the way your
employees work in a positive manner. It's time to take the next steps to
improve the culture surrounding rogue users in your workplace:
- Increase communication to improve cross-department trust
- Implement security training so people understand the tools and obstacles
- Centralize authority and assign responsibility so people know what to do
and who is accountable
- Conduct regular audits to understand upcoming threats and current
business trends
- Adopt balanced technologies that let people work efficiently and give
IT-enhanced visibility and security for better compliance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160617/ff2d3609/attachment.html>
More information about the BreachExchange
mailing list