Fall has officially arrived, and with the change of seasons and Halloween festivities quickly approaching, LBMC Technology Solutions wants to remind everyone that spooky things can happen…and every organization has their own “boogeyman” lurking in their office.
IT organization leaders deal with their own set of ghosts, goblins and ghouls…we know them as viruses, worms, phishing, and ransomware. The spookiest threat, however, is the threat that is in plain sight and seemingly not a threat at all: employees.
Ponemon Institute has recently conducted a State of Cybersecurity in SMB report, with the sponsorship of Keeper Security. As you can see, negligent employees make up over half of the root causes of data breaches. Sadly, when these breaches occur, it’s generally done without malicious intent.
In a recent article written by Emily Handy, published by Crain’s Nashville, Mark Burnette, a partner at LBMC Information Security was quoted; “If employees don't understand what their responsibilities are when interacting with a company computer system, it's going to be difficult for them to truly protect it. They might unknowingly do something that would put the company's data at risk.”
Our own Robert Powell, VP of Network Engineering at LBMC Technology Solutions said, “Threats can come through many avenues, such as web browsing, email, a “technician” asking for your password or a thumb drive you find on the ground. They often seem innocent, potentially helpful and may even be directly targeted to your company or even you personally. A savvy user will always be on the lookout for something suspicious or unexpected. If it seems questionable, check with your IT team before you open it, provide your password or plug it into your computer.”
What can be done to prevent data breaches from your own team? Below we will talk about how you can prevent unintentional data breaches.
According to Burnette, the single biggest step employers can take is to routinely provide multifactor authentication. Multi-factor authentication is a method of computer access control in which the user is granted access only after successfully presenting at least two separate pieces of information into the authentication device. This device is generally a cell phone or a key fob with randomized codes.
Employee Training & Accountability
The next step in strengthening cybersecurity is employee training and accountability. It is your organizations' job to provide training to your team, properly setting the expectation levels in employee conduct. This training needs to be clear, such as setting an Acceptable Use Policy, spell out the employee’s responsibility, and define what your organization defines as misuse. It is recommended that this training occurs at least once per year.
Protecting Removable Media
Removable media is any kind of storage device that can be removed from a computer while the system is still running. This can include USB drives, flash drives, external hard drives, CD’s, DVD and Blu-Ray disks. While seemingly harmless, if employees use unauthorized removable media, such as an external hard drive, information can be easily compromised. Not only can removable media be easily lost, but if a user doesn’t check configuration settings, items such as external hard drives may be cloud-enabled. This can easily result in having contents made available to anyone who wants to access it.
Every day spooky IT security threats increase and companies struggle to keep up. With LBMC Technology Solutions, you can scale up your security resources without adding staff – saving you time and money, while increasing the security of your data. Contact us today for more information.