Intelligent CISO Issue 9 - Page 67

decrypting myths Seven top tips on how to prevent and cope with an insider threat An inside job brings up images of bank raids and heists but in the modern world companies should be thinking just as seriously about the cyberthreat coming from within their own business, says Tom Huckle, Lead Cyber Security Consultant, Crucial Academy. T he possibility that a breach or a cyberattack could be down to an employee or former employee is growing all the time. It could be a malicious attack from a disgruntled member of staff who has recently been sacked or who has a grudge against the business, for instance. But more often the threat comes from the unintentional actions of untrained employees which put the business at risk and create cybervulnerability. It is well known that a high percentage of data breaches are down to human error or lack of awareness and cyberpredators are ready to take advantage. Here are seven key tips to preventing an inside job – and dealing with it efficiently if the worst happens. . . . | Issue 09 1. Start with the basics – train your staff to spot a phishing email Phishing is an extremely simple scam which is easy to avoid with the correct training. However, approximately 94% of malware enters a network via this method. Phishing emails are becoming more sophisticated, deliberately targeting staff with messages that appear to be addressed to them individually from clients or suppliers. Many include attachments which mimic anything from invoices to tax documents. Conducting fun, interesting and easy- to-implement staff training on a regular basis is key. 2. Ensure former employees do not have access to files and systems A fired employee can be a significant insider threat if they are able to access 67