Many companies think they have good IT security to protect them from external attacks but are still vulnerable to insider threats.
A worrying statistic recently highlighted by Globalscape suggests that insider threats represent nearly 70 per cent of all data leaks experienced by organisations.
Common problems are the failure to keep systems and software up to date and not knowing what’s coming into – or going out of – your network.
The use of plain file transfer protocol (FTP) tools downloaded from the internet is also very risky. There’s often no data encryption which makes it an open doorway for hackers.
A managed file transfer tool (MFT) is the best alternative. It controls different systems and security layers all in one place and helps you to manage network activity by allowing or blocking IP addresses and providing real-time reporting and email alerts, for example.
Bad practice by users
There’s also a growing insider threat from the Internet of Things (IoT)
Many companies ring-fence external threats by putting all external-facing network activity into a DMZ zone – which takes its name from the military term “demilitarised zone”. Sadly, this can only isolate threats that attempt to attack an organisation through the mail servers and other external-facing tools that sit there.
A digital camera is just one example of the many IoT devices people now use which are directly connected to the internet and don’t necessarily enter your local area network via the DMZ. This means the innocent download of holiday photos or a team building video onto your work PC doesn’t face the same “border controls” as files passing through the DMZ.
The risk is you may import botnets and other nasties which lie hidden for months – even years –before unwittingly being involved in a distributed denial of service (DDoS) attack on a third party.
Provide the proper tools
The use of personal devices at work and downloading Plain FTP tools from the internet may be a symptom of a bigger problem as the report by Globalscape suggests. It could be a sign that you may not have provided your employees with the tools for them to do their jobs properly in the first place.
Gary Jowett from Computer & Network Consultants in Brighton says: “The threat from within can cause a major incident for your organisation which badly disrupts operational efficiency and causes a data breach that incurs a big penalty. That’s why it’s important to seek objective advice from an IT consultant to get a proper health check of all your IT security procedures and processes.”