Internal threats to your cyber security
Guest post by Clear Risk Solutions
Many view cyber risk as a danger that exists outside of their organizations, but some of the biggest threats to security can actually come from within. They’re internal cyber security threats. One of the best ways for a hacker or scammer to gain unauthorized access to sensitive information is by way of authorized personnel – in other words, your employees or volunteers. They are the guardians of your organization’s security, finances and reputation. If a cyber criminal can convince even one of them that their claims or inquiries are legitimate, the damage that can ensue can be devastating.
When it comes to cyber security, a good defense is a good offense. Wherever your organization currently falls on a readiness scale (from completely unprepared, to prepared), here are some items to consider when developing best practices and a safety protocol for your employees:
- Ensure access to personal information is restricted by job position.
- Employ a lead information and/or lead security officer (or equivalent) on staff and perform regular data back-ups.
- Ensure your policies include sections on information security and privacy.
- Provide regular security training to all people who have access to personally identifying information, whether in paper or electronic format.
- Install anti-virus and encryption software on all computers and maintain via a central resource.
- Issue users unique IDs and passwords when accessing your internal network. Change passwords regularly, with a maximum of 90 days between changes.
- Keep hard copy files containing personal information in a separate and secure area, such as locked file drawers or a locked office.
- Develop and post document destruction policies with staff roles.
- Make sure payments for fees, donations, or bills are kept in a secured location with limited access, e.g. a locked drawer, office, or safe.
Download this article on internal cyber security threats as a PDF and share it with others.
This information is provided by Clear Risk Solutions on an “as is” basis with no guarantees of completeness or accuracy. Arrowhead Tribal assumes no responsibility or liability for any errors or omissions in this content.