Let’s talk about inside-job cyber-attacks.
How much of what we hear is just a rumour, or is it time to consider inside-job cyber attacks to be a real threat to business?
Last month, we featured a blog on how some cybersecurity threats end up being an inside job. As if to illustrate our point, the Labour Department has just had one of their employees arrested for hacking the Department of Employment and Labour’s server.
Department of Labour Gets Hacked by Sandton Employee
Unbeknown to the Department of Employment and Labour, one of their team members at the Sandton Labour Centre hacked into their server, compromising the login details and personal information of over 300 employees. The attack occurred on the 21st of January.
When the Compensation Fund Anti-Corruption & Integrity Management team was alerted to the hack, immediate action was taken.
The employee who carried out the attack was quickly identified, and was arrested on the 24th of January, just three days after the cyber-attack took place. A criminal case and in-depth investigations into the hacking are still underway.
This incident only serves to reiterate just how important it is to have security measures intact, both for external cyberattacks as well as those that could just as easily originate from within the business.
The real issue is, it would seem that more and more cybersecurity threats are inside jobs, and you can no longer assume the honesty or integrity of staff and colleagues. As a business owner, you need to implement security mechanisms to protect your business, yourself, and other employees.
What to Do When One of Your Own Turns on You
If you believe that employees are targeting your business, you need to work on a strategy that deters such behaviour. Your strategy should serve to expose those who are determined to behave in such an unscrupulous manner. Below are a few things you can do:
- Set policies in place as to how staff members can use company laptops, computers, and other devices; Block specific URLs, and also ensure that employees are not permitted to take devices home.
- Make sure that your employees are well educated on the possible cybersecurity risks that they might encounter. An educated employee makes fewer mistakes that might lead to a cyber-attack.
- Track employees on the network. Make sure that employees have to access all systems with a username and password so that you can see which files they are accessing and what they are doing on the system.
- Make sure that you have a backup system that automatically backs your data up to the cloud, daily. This means that any sensitive data on the device can be deleted or cleaned so that it doesn’t put your business at risk (or tempt hackers).
Last Word
Whether you run a small, medium, or large business, backing up your data is an essential part of your security efforts. Implement the above tips/recommendations and your business stands a better chance of defending itself against internal cyber-attacks. Make sure that you treat internal cyber risks just as seriously as you treat external threats.