Cybersecurity Insider Threats

Goals

The goal is to determine how to deal with insider cybersecurity threats by looking at which employees are vulnerable, what the biggest threats are, proper training techniques, and how to minimize vendor threats.

Early Findings

  • Human error is the biggest cybersecurity risk among employees. According to one study, 47% of data breaches are caused by some kind of error from the employees themselves.
  • 25% of employees say they regularly leave their computer unlocked and unattended at work.
  • 1 in 4 companies that work with contractors say these external vendors were the cause of a data breach.
  • Many companies do yearly cybersecurity training with their employees, but research is showing that smaller, more frequent training sessions are the best way to ensure people remember and implement safe practices constantly.
  • Companies that have remote workers should ensure they use VPNs on their computers and are familiar with common network security issues and how to avoid them.
  • Companies working with vendors should train their employees to never provide more than the minimum necessary information to vendors and they should always delete any inactive accounts.
  • Remote workers should also have "endpoint security" such as anti-virus programs and firewalls.
  • When working with vendors, companies should implement a Service-Level Agreement (SLA) that mandates what the security rules are for the third-party vendors and holds them accountable if they break those rules. Agreements should allow for periodic audits or inspections by the company to ensure that all policies are being followed.

Proposed next steps:

You need to be the project owner to select a next step.