We’ve all seen the disgruntled employee heading out the door. Maybe she wasn’t promoted and quit in protest. Perhaps he was mistreated by his boss and can’t take it anymore, so he acted out and was fired. Or maybe she got a better job, worked her notice period and is moving on to greener pastures. What is the likelihood that he or she will steal corporate proprietary data on the way out? According to Heimdal Security’s report: 59%. That’s right – 59% of people who quit or are fired steal corporate proprietary data on their way out the door.
When people think of cyber-risk, they tend to think only of 14-year-old hackers trying to get into banking systems for fun, but much more risk comes from a company’s everyday employees either mishandling data or purposefully using it in non-compliant ways. What’s worse, when there is a malicious or criminal attack, a global study from the Ponemon Institute found that the average organization takes almost six months to detect it in their systems! When such an attack occurs, 68% of the funds lost as a result are never recovered.
Social media can also be a problem. Shockingly, nearly 600,000 Facebook accounts are compromised every single day. What’s so bad about that? Well, other than the fact that people can log in to numerous sites via Facebook login (some of which may hold credit card details and other sensitive financial and personal information), some of the most popular new phishing techniques involve hacking into Facebook accounts to post links to what look like legitimate stories or pages online. Viruses, malware and ransomware can be transmitted from such sites, creating a huge amount of risk for corporate computer networks.
All this can be expensive. The most expensive computer virus of all time is believed to be the MyDoom virus, which cost $38.5 billion. It was sent via email, and when someone opened the link, the worm would send an email with the virus to every email address the program could find, as well as open up the computer for remote use and control.
We know that cyber-risk exists, so what should we tell our employees about it? The most important thing to do is to explain to them that spear-phishing emails are the biggest risk. Heimdal estimates that 91% of all cyber-attacks come from spear-phishing expeditions. Heimdal recommends telling your employees:
- Always check the recipient of an email and the source of a message.
- Don’t click any strange links in emails.
- Don’t install software from untrusted sources.
- Don’t trust people blindly and don’t give away confidential information to strangers.
Many of the best solutions are the simplest. Create and enforce policies requiring complex, hard-to-crack passwords, and require passwords to be changed every 90 or 120 days. Teach employees about spear-phishing and the risks associated with it. Warn employees about the dangers of social media or limit its availability on work computers. With the proper protections in place now, you’re less likely to find out six months from now that your computers were compromised today.
Kristy Grant-Hart is the author of the book “How to be a Wildly Effective Compliance Officer.” She is Managing Director of Spark Compliance Consulting and is an adjunct professor at Widener University, teaching Global Compliance and Ethics. Previously, Ms. Grant-Hart was the Chief Compliance Officer at United International Pictures, the joint distribution company for Paramount Pictures and Universal Pictures in 65+ countries. She can be found at www.ComplianceKristy.com, @KristyGrantHart and emailed at KristyGH@SparkCompliance.com.