
The Biggest Security Threat to Your Firm Might Be Sitting Next to You

By Eze Castle Integration | Monday, March 26th, 2018

Here at Eze Castle Integration, we often talk about cybersecurity threats and best practices firms can employ to keep information safe. Just last week, we talked about computer viruses and the threat they can pose to your organization. You may think that your security efforts should be focused on external risks, but the reality is that the biggest security threat to your firm could be the person sitting right next to you.

PricewaterhouseCoopers' 2018 Global Economic Crime and Fraud Survey reports statistics from a survey of executives about economic crimes. Several jarring statistics were provided, including:

  • 52% of respondents who said they had experienced economic crime in the past 12 months said the main perpetrator of the most serious fraud was someone inside the organization, up 6% from 2016

  • 24% of reported frauds were committed by senior management

  • 68% of external actors committing the fraud are familiar with the organization, whether they are vendors, service providers, or clients

Anyone at the company with a certain level of access could gain control of sensitive information. This is why we recommend firms employ the principle of least privilege. In its simplest terms, this means granting access to data, documents and resources only to the personnel who need it. Members of the IT staff likely need more access than employees in the Human Resources or Marketing departments, for example.

We’ve talked about these before, but here are a few internal security best practices to keep in mind:

  • Maintain a strong password policy. In addition to creating a strong password and changing it frequently, be sure not to write it down or give it out. Creating a tough password means nothing if it can be easily discovered by a coworker. And remember, "password" is not a good password.

  • Use multi-factor authentication. In order to access certain systems or data, your firm should employ at least two-factor authentication practices. This means that in addition to providing a password for access, employees would also need to provide a separate PIN number, for example. For access to a data center, firms may want to use biometric screening as a second authenticator.

  • Take control of company-sanctioned mobile devices. What about when an employee leaves the firm? Can he/she still access company data and information from their mobile device? It’s important to remember that even if an employee leaves, access may not be automatically terminated. Firms should ensure they restrict access when employees leave and are also able to wipe devices remotely if necessary.

Just remember: when it comes to protecting your company’s sensitive information, don’t just train your eyes outward. Look inside too.


Editor's Note: This article has been updated. It was originally published in May 2012 by Kaleigh Alessandro (Eze Castle Integration). 

Source: PricewaterhouseCoopers
Photo Credit: eHow
