Close to 50% of all corporate cybercrimes are facilitated by insiders.
- Teach employees to click cautiously when opening unfamiliar emails. Small businesses are a huge target for email phishing scams. Fake emails purporting to come from Amazon, photocopiers, fax machines and administrators bombard office networks all the time. One click can unleash a beast that bypasses security and causes all kinds of damage. In previous years, Russian hackers used this tactic to compromise the official White House email servers – proof that anyone can fall for this trick.
- Keep an eye on employees who seem bitter or dissatisfied. When people feel underpaid, slighted out of a raise, or otherwise desperate for money, their loyalties can change. They may be prone to do something detrimental to the company or to assist an outside adversary. Revenge comes in many forms, and most insider-driven cybercrimes start this way.
- All non-business online activities should go through the guest network. This applies to visitors and staff.
- Ban the use of unauthorized USB devices on the network. This is often easier said than done. Typically this requires an IT person to set up controls to manage (or block) their usage. USB storage devices (flash drives, external drives, SD cards) can easily get infected on outside computers and then introduce viruses onto your network, allowing hackers to bypass many security safeguards.
- If you can’t stop ’em, use ’em. Without a firewall that blocks content, keeping employees from sneaking onto social media websites during office hours is like trying to prevent hay fever in spring. Find ways to reward them for using that Facebook and Twitter time to help promote your business. Be sure the staff knows what should and shouldn’t be discussed on social media websites.
- Make employees aware of social engineering techniques. Hackers know that the right phone call to an unsuspecting employee can bypass more security than months of skillful hacking. Employees should be trained to recognize these con games. Think of this like teaching street smarts and “Stranger Danger” for the office.
- Make sure your customers know that your company will never request personal information by email. Although this isn’t an inside job, cybercriminals have been known to spoof emails from a company to contact its customers and ask for account information, social security numbers, passwords, etc.
- Avoid browsing websites and processing online orders using the same computer. This includes clicking on unfamiliar links in orders received by email. All it takes is clicking on a bad link and an infected computer instantly becomes a compromised computer. That’s why a click inside the wrong email can open a customer database up to hackers.