With large security breaches becoming a more consistent phenomenon, many companies are looking for ways to keep from being the next victim. One of the most intense concerns has been unethical employees – a person in a position of trust can do a lot of damage.
The facts of these breaches tell a different story. Relatively few incidents of damage or data loss have been due to bad faith actions on the part of workers; much more often, they are misled by promises of time-saving programs or deceived by criminals into revealing valuable credentials. Even the best intentions can lead to serious problems.
To combat these trends, the most useful tools are good security practices. Use a quality antivirus program to make sure that visiting one bad website won’t provide foreign access. Train your people to recognize when someone is trying to con them- someone on the lookout is much less likely to fall victim to a con artist than someone who isn’t informed about how often they turn up. Additionally, manage the information available to your employees. This final one serves to reduce the amount of damage that a breach can do, whether it is caused by accident, ignorance, or even malice.
Much of this is just the old saws of the security and insurance industries, but in the digital age it’s taken on a new urgency. The ability to ransom, destroy, or corrupt infrastructure from half a world away has made basic security measures less than optional.