As we continue to watch the global fallout of the leaking of the NSA’s secret surveillance of everything from phone calls to Facebook, one of the more interesting and perhaps disturbing revelations was that the embarrassing leak of top secret U.S. spying operations came from a trusted insider.
What was perhaps even more disturbing was the fact that the alleged whistle-blower had largely unsupervised access to some of the biggest U.S. intelligence secrets, in spite of the fact that he was only on the job for a few years and actually started as a facilities security guard.
It’s a reminder that so many threats can come from places we don’t expect, and even trust the most, and that for many organizations their next big security breach could already be on their payroll. Just last week we talked about how the majority of recently reported data breaches, more than 60%, were traced to the actions of insiders. And while most of those incidents were probably as a result of mistakes or negligence, small businesses can never rule out the potential risk to their business if an insider becomes malicious.
Insider attacks can be devastating for small businesses. In one of the first big high-profile identity theft cases, a former employee at a small software company in New York caused more than $100 million in losses when he used his access privileges to download thousands of consumer credit reports and sell them to identity thieves.
He was apparently disgruntled after he was fired by the business owner, and still had access to so much sensitive information because his boss simply forgot to cancel his password.
If you want to minimize your exposure to risks like this, there are a number of simple steps you can take:
While eliminating the insider threat is an important step of cyber security. It is also important to put in place precautions to safe guard against potential infections they may spur. One great example of this is a website scanner that can monitor for and clean infections. T0 learn more about this type of solution visit SiteLock today or call 855.378.6200.