Internal threats to data security.
One often overlooked and more complex aspect of data security is internal threats. In this video, we will take a deeper look into some ways you might be vulnerable to a data breach from the inside.
Physical security.
If you're one of those people who like to leave their passwords on sticky notes, you may want to throw them away or at the very least store them in a lockable drawer or filing cabinet. Though many attacks are likely to happen through digital mediums, keeping sensitive physical documents secured is vital to the integrity of your company's security system.
Simple awareness of the risks of leaving documents, unattended computers, and passwords around the office space or home can reduce the security risk. By implementing a clean desk policy, the threat of unattended documents being stolen or copied can be significantly reduced.
Mobile device security.
The changing landscape of information technology has made flexible working environments easier to support, and along with it have come more sophisticated security attacks. With many people now having the option to work on the go using mobile devices, this increased connectivity has come with the added risk of security breaches.
The advent of malicious mobile apps has increased the risk of mobile phones containing malware, which could potentially lead to a security breach. Sensitive information on mobile devices should always be protected by a password, encryption, or biometric authentication in case the device is lost or stolen. Training in the safe use of personal devices is necessary for any employees who work on their own devices.
Social media use.
Many of us today share large parts of our lives on social media — from holidays to birthdays, and sometimes even snapshots of our work. But oversharing can make sensitive information available, making it easy for a malicious actor to pose as a trusted source. Educating employees on protecting the privacy settings of their social media accounts and on limiting the public spread of information about your company will reduce the leverage that hackers can gain from access to your personal network.
Internet and email use.
While the internet and email are the backbone of e-commerce and business in general these days, they do pose some risks that are important to be aware of. Some employees may have already been exposed to data breaches by using simple or repeat emails from multiple accounts.
Often websites offer free software infected with malware. Only downloading applications from trusted sources is the best way to protect your computer from malicious software. Educating employees on safe internet habits should be a key part of any IT induction. Though some may see this training as obvious, it is a key part of a robust security program.
Many large websites have suffered large data breaches in recent years. If your information has been entered into these sites, it could have been made public, exposing your private information. To help prevent insider threats from affecting your organization, it's critical that you and your privacy officers know the warning signs of insider threats and understand how they can happen.
Remote work environments.
In 2021, the obvious need for remote working led to many companies taking drastic steps towards full-time work-from-home policies. Remote working can be positive for companies and empowering for employees, promoting increased productivity and greater work-life balance. Unfortunately, the threat of malicious actors does not stop when you leave the workplace.
Many companies allow their employees to use their personal devices for work, which is a great cost-saving method and allows flexible working. However, there are risks associated with this. Personal devices can put the integrity of the company's network at risk if, for example, login details are compromised or malware is installed on the device due to lower levels of device security. To keep your workstation safe, personal devices that are used for work purposes should remain locked when unattended and have antivirus software installed.
Now that we've identified internal threats to your organization, let's take a look at some ways your organization might be affected from the outside.
This concludes this section of Accountable security awareness training. You must answer the following questions to move on to the next section.