A new year is a good time to take stock of your company, look at what’s working and what isn’t working, and find ways to improve on the status quo. Your organization’s cybersecurity is definitely an area that warrants close examination. A breach in security could be extremely damaging to your company, and it’s important to stay vigilant about it in the coming year. Take a look at some of the major cyber threats–both internal and external–that you and your IT team should be on guard for this year.
Outside threats are one of the most common threats to data security. These threats are the terrors we understand best online; external threats include malware, shadow IT and phishing schemes. These threats can come in the form of innocent downloads, apps and emails that seem to be sent from a coworker or friend.
Apps and devices that aren’t approved by your IT department could compromise your organization’s security.
A survey by McAfee revealed a surprising fact: more than 80% of the employees who responded used shadow IT at work. Shadow IT refers to apps, software, cloud services, and hardware that are not controlled by the IT department and are used without the company’s knowledge and consent. Employees are rarely doing this for malicious reasons – often, it’s just a matter of preference or convenience.
Although the term “Shadow IT” sounds negative, the technology itself doesn’t have to be shady or nefarious – it could be as simple as an employee using Google Spreadsheets rather than Excel. The problem in that example isn’t Google Spreadsheets, it’s the unauthorized use of Google Spreadsheets. When employees use apps, services, software, or hardware that’s unapproved by the company and not controlled by your IT team, they put your company’s security at risk. And given that the use of shadow IT is so prevalent among employees, it should be high on your list of things to look out for. Employee monitoring software gives you a simple way to check in and make sure that your employees are using approved secure technology.
Phishing attacks are a type of cyber attack that happens when an outsider tricks an employee into giving up confidential information. Phishing attacks are commonly thought of as happening primarily through email, but cyber attackers have grown more sophisticated, and phishing attacks may now occur over the phone, via text message, and even through social media platforms. Spear-phishing attacks – attacks that are highly personalized to target a specific person – can sometimes fool even a savvy employee.
Employee monitoring software can help you keep tabs on who your employees are communicating with and what kind of information they’re sharing. You can head off phishing attacks before they have a chance to compromise your data.
The dangers of computer viruses are well-known, but employees can still be fooled into accidentally downloading them.
Computer viruses are nothing new. But despite the fact that everyone is aware that computer viruses exist and can be damaging, they continue to cause damage. Why? Because they continue to do what the people who release them intend them to do. Today, many viruses and worms are designed to steal personal and financial information.
It’s easy for computer viruses to come in through downloaded files or links. It’s important to train employees to steer clear of suspicious files and links. But employee monitoring software can also help you oversee what links and files your employees are receiving and make sure that they are not accidentally introducing viruses or worms into your organization’s computers.
However, your employees also could be hidden threats to your internal security. A disgruntled employee (or one who has been fired or who has quit) could pose a major threat, especially if they have access to proprietary information and passwords…and have an ax to grind.
Contract employees also could threaten your data, especially if they have unmonitored and untethered access to the internet via company devices.
When it comes to cybersecurity risks, an insider threat is one that is coming from the inside. While outside attackers do exist, they are often less of a risk than the people that you hire to work inside of the company. Some insider attacks on your network and data are intentional, caused by angry and disgruntled employees or deliberate spies. Others are accidental. Employees may simply make careless mistakes that compromise security, or they may be targeted by outside forces and tricked into revealing sensitive information. No matter what the reason, it’s important to take steps to limit your risk of insider threats. Take a look at how employee monitoring software can help you protect your business in three key employee scenarios.
Assigning contractors to monitored workstations with limited credentials can help protect your network.
It can be useful to hire temporary, contract employees when you’re in an especially busy season or when you have a need for limited but important services that your full-time employees aren’t capable of providing. The problem with using contract employees is that you’re granting access to someone who isn’t familiar with your system, and therefore might be prone to mistakes. They also don’t have a reason to feel loyalty to your company the way that a traditional employee might.
The key to protecting yourself when it comes to using contract employees is to grant limited access. Make sure that the workstations being used by contract employees are equipped with employee monitoring software so that it’s easy to check on their actions. Contract employees should be granted temporary credentials that will expire when their contract is finished, and those credentials should give them access only to the areas of your network that they strictly need to access. For example, if you hire contract employees to work on the production side of your business, there’s no reason that their credentials should allow them access to payroll or sensitive client data.
Prevent disgruntled employees from performing actions that could hurt your company.
When you hire a contract employee, it’s easy to set appropriate limitations because you know that you’re hiring a temporary employee with a limited role in the company. Protecting yourself against disgruntled employees can be more difficult because you won’t necessarily know who is unhappy with their job – and not all unhappy employees feel compelled to strike back maliciously at their employers, either. But some do.
That’s where many of the protections provided by employee monitoring software come into play. You may not be able to look at your employees and know which ones might choose to strike back against you or your company for something, but employee monitoring software can detect unusual behaviors and alert you to them. If an employee suddenly begins downloading unusual files, visiting insecure sites, or attempting to access areas of the network that they shouldn’t have access to from their workstation, you can be alerted immediately.
A third scenario where you need to be especially concerned about security occurs when an employee is leaving your company. When an employee leaves, you need to be sure that they aren’t bringing any proprietary information with them, and that they can’t access your company’s information from their new position at a new company. This can be especially important if a departing employee is leaving to take a job with a competitor, or with a company in the same industry.
Features included in employee monitoring software can help. You may want to limit your departing employee’s access during their last days with your company by changing the permissions attached to their credentials. You’ll also want to make sure that as of their departure date, your former employee’s credentials are no longer valid.
Your employees could be at risk for data breaches, too, though, and this also leaves the company at risk. An employee could be the victim of man-in-the-middle attacks. What are these, exactly?
When it comes to threats to your company’s sensitive data and information, it’s important to be aware of the different ways that your network can be compromised. Often, threats to your security come from the inside – not necessarily because of any intentional wrongdoing on the part of your employees, but because your workers may be targeted by outsider attacks. Man-in-the-middle attacks are one way that employees can be targeted. Take a look at what you need to know about man-in-the-middle attacks and how you can guard against them.
Once a worker discovers that they’ve been duped by a fake website, it may be too late.
When you type a URL address into your browser, you expect to be taken to a specific website. But what if instead of the website you were expecting, you were brought to a convincing fake version of the same site? That’s essentially what happens in a man-in-the-middle attack.
Essentially, the attacker overrides the Domain Name System (DNS) that is supposed to tell your browser where to go to find the website that you’re trying to access. The site that you actually wind up at can look and act just like the site that you’re looking for – and may even share information with the correct site, if it’s a sophisticated fake – but the false site records the information that you input and allows the person who took over the DNS to access that information. So, if you put bank account numbers into a fake site during a man-in-the-middle attack, the attacker would have those account numbers.
Although man-in-the-middle attacks are instigated from the outside, it’s workers who fall for them who end up putting the information into false sites and compromise company data. Preventing this from happening is key to protecting your business from these attacks.
One simple way to prevent man-in-the-middle attacks is to make sure that your employees are trained to use https:// instead of https:// when they type in URLs. The “s” indicates that the connection between your browser and the website is secure. While man-in-the-middle attacks are sometimes possible even when https:// protocol is used, they’re very rare.
It can also help to keep computer systems, browsers, and apps updated. Software is routinely updated to shore up vulnerabilities that allow man-in-the-middle and other attacks to happen. Staying updated ensures that your computers and devices are always as secure as they can be. An IT professional can also configure your devices to only use DNS servers that have already been identified as safe.
Strong monitoring can help ensure that necessary security settings stay in place.
It’s tampering with device configurations that can often lead to successful man-in-the-middle attacks on company devices. Employees may be tempted to change security settings for convenience, or in order to access personal sites that are blocked on the company network, or simply because they don’t understand the purpose of the security settings. This can leave computers unprotected and allow an outside attack to get through.
Software can keep you apprised of potentially dangerous changes to security settings on devices used on your network. Spotting attempts to make these kinds of changes can help you ensure that your company’s devices remain secure and that employees who are careless about security settings are retrained or disciplined.For more information about how you can protect your company’s data from cyber attacks, take an online test drive.