Amazingly enough (or maybe not), these are your biggest security risks. But before you start ringing necks, you should know that much of the fraud committed by employees is unintentional. So they may not even realize that they are delivering your organization into the arms of hackers.
Here are the three of the most common ways a hacker can get into your network:
Phishing: Remains one of the most common ways employees inadvertently invite hackers into their personal systems and into those of their employers. An employee responds to an urgent email that appears to be authentic, and follows a link to provide them with passwords and PINs. Voila! They're in. Only after hours and hours (and possibly thousands of dollars) can you begin to untangle the mess. And you have one pretty embarrassed employee on your hands as well.
Social media: Today there is so much cross over between what is "personal" and what is job related that it's no wonder companies are reluctant to use social media, let alone allow employees to post. It is an incubator for hackers as personal information flows, is captured and combined with other personal data, all used to mount a successful (and devastating) personal attack within an organization.
Fraud: And, yes, there are plenty of reported incidents of employee involvement in crime rings, assisting cybercriminals in hacking into their employers' systems and getting out again, often so ingeniously that tracing the activity can be challenging. Catching the employee can be equally challenging.
What to do? Here are some ideas to help reduce the threat of hackers:
You may be surprised at what even your most astute employees do not know. Educating your employees about phishing and other "points of entry" hackers use, can go a long way towards avoiding it. Make sure each employee has access to your technical team in the event he or she comes across a suspicious email, asking them to share personal or corporate information.
What experts, such as Rik Ferguson, VP of security research at Trend Micro, suggest is to tailor the training to the job function of your employees, and even to try to make it interesting.
In aZDnet interview, Rik stressed the importance of this."You need the right mediums for the right people. You can't have a one-size-fits-all training program; if you're training your developers, you're going to need different content to what you're using to train your sales people, finance or HR people."
Give them a "sandbox":
One great way to get employees serious about doing their part in protecting against cyber fraud is to let them experience what it can do, first hand. Well, almost. Experts recommend giving them their own sandboxes. As Trend Micro suggests"Let them mess up in a safe environment because then they realize they can mess up, nobody's perfect. Dare to fail, learn from your mistakes, analyze and improve."
Not only awareness between you and your employees, but between employees as well. Keep your eyes and ears open and encourage them to do the same.
Remember, all a hacker needs is one vulnerable point of entry. Just one. So, considering the growing list of devices we all use, that point of entry will become easier to find, not harder. More connections, more devices, more points of entry for hackers. And more headaches for IT.
Thankfully there are companies that know how to untangle and help mitigate security risks. At CDR-DATA we've been collecting data and uncovering fraudulent data and voice activities for over 20 years. There are few things we haven't seen and helped protect against.
As your list of potential security breaches continues to grow, don't wait until it becomes a mountain of confusion.Contact us now, so we can help you protect your tomorrow.
Kevin Young, Founder and CEO
Facebook Off Estimates by 80%? Oh Oh.
Here's something to pass along to your marketing department. More specifically, to those in charge of your digital advertising.
There has been a lot of concern, lately, as to the transparency, or lack thereof, of some of the major social media advertising vehicles.
Here's an interesting article from Wall Street Journal that sheds some light on the subject.