As a security expert I spend a lot of time talking to businesses about how they can create more safe and secure environments. Lately, I’ve been talking a lot about insider threats and what companies large and small need to do to keep themselves protected. But, this month, I am changing gears a bit. Instead of talking to businesses, I’m talking to you-yes, you as an individual.
Unintentional insider threats have cost U.S. companies millions of dollars and even the best of employees can become an insider threat. According to an article from Lancope.com, here are 5 things you can do to make sure YOU are not the cause of your own insider threat.
What is an Insider Threat:
An insider threat arises when a person with authorized access to U.S. Government resources, to include personnel, facilities, information, equipment, networks, and systems, uses that access to harm the security of the United States. Malicious insiders can inflict incalculable damage
Be mindful of devices with company data on them
Whether it’s work-related emails on your phone or a company laptop out of the office, you need to be careful not to let this information get into the wrong hands. Don’t store unnecessary data on your devices, avoid connecting to external networks, and always immediately report a lost or stolen device.
Encrypt data at Risk
“Most people only think about encryption when they are transferring data to a third party, but data that is sitting unused in storage is also at risk,” writes Andrew Wild. Make sure sensitive data stored on mobile devices, personal computers or even external hard drives is encrypted.
Use good password practices
As Andrew writes, “sensitive data is only as safe as the password you use to protect it.” Use passwords that are at least ten characters longer with some measure of complexity such as a mixture of uppercase and lowercase letters, numerals, and symbols. It is a best practice to change your password often and do not use the same password for everything.
Beware of social engineering
The most common example of social engineering is phishing. This is where you receive a cleverly crafted email that looks legitimate but is actually trying to get you to divulge valuable information such as passwords or install malware on your devices. Currently, this same type of practice is happening via phone too. If you feel something is suspicious, check with your company’s security team before proceeding with sending information.
Ensure you don’t have unnecessary access privileges
You may not need access to all the data on your company’s network. Limiting access has been shown to dramatically reduce the reach of a potential data breach, so if you discover you have access to data or systems that you don’t need in order to do your job, notify your tech team.