A cyber-security firm surveyed nearly 800 senior executives from around the world about corruption and the risk of fraud. Stunningly, 75 percent of these business leaders said their companies reported being victimized in some way over the past year. Again, most of us would jump right to outside cyber-attacks or even infiltration from a third-party vendor. But the survey found that 81 percent of these attacks came from the inside! When looking specifically at information or data loss, 45 percent of the year’s attacks were traced back to an employee within the organization. Vendors and suppliers were blamed for 29 percent of the incidents. Only 2 percent were pinned on external hackers. A PricewaterhouseCoopers (PwC) Global Information Security Survey found that 35 percent of data breaches in 2014 were caused by current employees and 30 percent by former employees.
While these numbers are terrifying, they don’t necessarily mean your employees are out to get you. PwC found that employees have several motivations: activist, personal or just plain carelessness. Target’s famous data breach was traced back to credentials stolen from a refrigeration and HVAC company that was conducting efficiency updates. The scariest part is that breaches can take months to discover.
So what can you do? Obviously, the first step is doing a thorough background check, including reference checks, on all job applicants and third-party vendors. Once they are part of your organization, training and monitoring are key. There should be strong protocols about who can access sensitive information, as well as procedures for locking computers and not leaving documents lying around. Employees using personal devices can also make you vulnerable and should be trained on how to protect their data and how to avoid phishing attempts. Information security training is not a one-and-done thing. Refreshing, practicing and even internal auditing should be a part of your corporate culture and should involve everyone from new hires up to the CEO. Sometimes just knowing that someone is watching is enough to discourage bad acts.