Employees comprise the greatest security threat to companies in myriad ways. Here’s what companies can do
The cyber community is buzzing about artificial intelligence (AI), machine learning, 5G and the other new technologies expected to emerge in the next decade. Members are dreaming up potential benefits and pitfalls, and, of course, talking about how these could initiate a whole new host of security issues.
In discussing the issues that 5G might present, authors Tom Wheeler and David Simpson made an interesting point in a recent article for Brookings, writing, “To build 5G on top of a weak cybersecurity foundation is to build on sand.”
For all the technological opportunity 5G offers businesses, the harsh truth is that connecting billions of new devices to the internet will open up billions of new threat vectors, presenting a nearly impossible monitoring problem for any company over a certain size. That’s why the best way to address these potential threats is by starting from the inside out: with the employees themselves.
In a new report conducted by the Ponemon Institute, insider threats cost U.S. businesses an average of $11.45 million per year. Employee negligence—such as falling for scams—was the reason for 63% of those incidents, while incidents related to a criminal insider was the reason for 23%.
There are actions businesses can take to reduce these risks. For example, educating individuals on how to identify scams and safeguard their accounts, both professional and personal, with strong passwords is one way to mitigate employee negligence. Background checks are a good way to keep criminals out—hence, why 96% of employers say they conduct at least one type of pre-hire check.
What about those employees who aren’t simply making mistakes, but rather are malicious or hiding financial or criminal problems, making them vulnerable to exploitation? More must be done to prevent these forms of insider threat, and a good place to start is understanding what drives someone to commit or become actively involved with crime within the organization.
Usually, it all boils down to stress. When people steal valuable sensitive information, physical company property or even money itself, it’s often found that those individuals were experiencing pressure or problems at home, in the workplace or both. Such pressure sometimes stems from sudden and unforeseen expenses, an illness they or a loved one is experiencing or managers or coworkers who they feel are not treating them fairly.
So, how can businesses protect themselves against insider threats, especially if they don’t have control over all the circumstances in an employee’s life? The answer is a workforce assurance platform with two specific capabilities: continuous evaluation and anonymous reporting.
Much like its name suggests, continuous evaluation is a technological security solution that actively alerts employers to signs of employee stress. It can identify if an employee has any run-ins—however minor—with the law, as well as indications of material financial stress.
Anonymous reporting gives employees the ability to clue business leaders in to concerning behaviors that may not otherwise be discovered, such as someone’s stress manifesting as a verbal or physical attack on another employee. It also increases employees’ odds of sharing such information. When anonymous reporting is part of a workforce assurance platform, employees don’t have to worry about being seen walking into Human Resources. And because their identity is protected, they can rest assured that their information will be kept confidential—a concern for the majority of respondents to one recent insider threat survey.
With the insights afforded by continuous evaluation and anonymous reporting, business leaders can see, and therefore prevent, potential security threats before they happen. They can have HR engage individuals in conversation about what’s going on. They can make accommodations or referrals that might help. And, ultimately, they can make sure they have a strong security foundation that’s prepared for whatever comes next.