Almost half of UK businesses reported having any kind of cybersecurity breach or attack in the last 12 months. That is data from the Cyber Security Breaches Survey 2020 run by the Government.
The report shows attacks are continuing to rise as we go through 2020. Of the 46 per cent of businesses that identified breaches or attacks, more are experiencing these issues at least once a week in 2020.
Cybersecurity is a priority
Thankfully the vast majority of businesses (80 per cent) are now identifying cybersecurity as a priority. However many are still missing a key area of their cybersecurity, insider threats.
88 per cent of UK data breaches are caused by human error. Whether intentional or by honest mistakes, employees represent a significant risk to your business.
Understanding insider threats will help your business protect itself from a common cause of cyberattack.
What is insider threats?
An insider threat is defined as: “the cyber risk posed to an organisation due to the behaviour of its employees.” There are inadvertent and intentional threats. Intentional threats are much rarer because they are when an employee deliberately sets out to steal or expose data.
Most employees do not plan to harm the company. The majority of internal threats are unintended, usually stemming from a lack of awareness or understanding.
Errors in the workplace
Human errors can easily occur in the workplace. We are often distracted while multi-tasking or in a rush. Sometimes the issues occur because staff are not trained properly to handle data or simply aren’t aware of the dangers surrounding breaches.
In a recent report, Insider Data Breach, 60 per cent of executives stated that they felt the major cause of internal breaches were employees who made mistakes while rushing to complete tasks. Another 44 per cent felt a lack of general awareness as the second primary reason, and 36 per cent cited a lack of training for their company's security tools.
Ways employees can be cybersecurity risks
- Lose company devices, such as laptops and phones
- Don’t password-protect devices or encrypt sensitive files
- Access data and enterprise networks through unsecured WiFi connections
- Store passwords on a computer or mobile devices
- Use weak passwords or one password for all access points
- Open suspicious emails or click on infected links
- Access company data on personal devices that don’t have antivirus software or firewalls
- Accidentally send information to the wrong person
Accidents can happen but as they can greatly weaken your cybersecurity efforts you need to find a way to limit them. Because employees can cause substantial cyber incidents, businesses must apply just as much effort to their internal security as they do for external threats.
Tips for Securing Data Against Insider Threats
- Educate employees on cybersecurity best practices
- Require strong passwords for all devices used to access company networks
- Require file encryption
- Employ multi-factor authentication
- Do not permit network access on unsecured WiFi connections
Please note that these are quick and easy to implement tips. They are not a complete security strategy. An IT support provider who is an expert with IT security can help you develop a full plan that addresses overlooked internal vulnerabilities with automated monitoring and daily alerts of suspicious activity.
While more businesses are treating cybersecurity as a priority and focusing on external threats, insider threats are still leaving their business vulnerable. Educating and training your staff is a big step in protecting your company.
An experienced IT provider, like ourselves, can help you formulate a full cybersecurity plan that includes insider threats. We offer a free IT discovery audit which will allow us to show you how effective your cybersecurity is.