Knowledge Base:  
You are here: Knowledge Base > Blog Posts
Avoid the "Inside Job" Data Breach
Last Updated: 07/20/2018

Avoid the "Inside Job" Data Breach

By Stacey Vanden Boogart-Romenesko

The last few years have been filled with highly publicized data breaches. Even if you were not one of the hundreds of thousands of victims in these large scale attacks, you could not miss the media coverage. These breaches have brought the conversation of information security out of the data center and into our homes, however recent research shows this hasn’t translated to awareness when we're considering internal and external threats to business data security. A 2013 Forrester study reported that 58% of data breaches in SMB's stem from inadvertent misuse of data by employees or simple loss or theft. According to a 2013 Symantec and Ponemon Institute Global Cost of a Data Breach Study, only 37% of data breaches are attributed to malicious attacks, while the remaining 64% are human and technology errors. Although the media continues to focus on the external threats, such as hackers and malicious viruses that rob intellectual property, we need to turn the spotlight on the internal threats that put our businesses at risk.

As "bring your own device" (BYOD) practices become more commonplace, employees are accessing sensitive business data across many platforms, from their cell phones and tablets to home computers and laptops. With mobile technology moving at breakneck speeds, IT managers must navigate an ever-changing landscape of threats on a diverse array of devices in our infrastructures.

The first step in securing data from the inside is to "secure your perimeter." This means not only identifying all endpoints in which employees are accessing your network and data, but also enforcing the implementation of secure data practices. A written security policy should identify best practices to address security gaps such as:

  • Unauthorized or unsecured synchronization software for email, calendar, contacts, etc.
  • Unsecured Bluetooth or wireless connectivity.
  • Outdated OS service packs, networking, PBX, or internet-facing systems.
  • Remote data management if an employee's personal device is lost or stolen.
  • Outdated or non-existent antivirus software.
  • Lack of encryption on systems handling web, email, or instant messaging traffic.

While a business can implement BYOD and security policies for devices accessing sensitive data, many IT professionals find enforcement much more difficult. This is where employee training is important to close any gaps in your infrastructure. In fact, according to the same Forrester report, only 57% of North American and European SMB employees surveyed were aware of their organization's current security policies, and only 42% had received any training on their workplaces security practices. Employee training can help to address:

  • Ensuring employees use strong, complex, passwords and store them in a secure manner.
  • Identifying and avoiding phishing attacks.
  • Keeping up to date on system patches and updates.
  • Using appropriate data management practices so sensitive data is stored in the appropriate, secure, location.

Of course, after securing the perimeter, one must put up a strong barrier to external attacks. IT professionals can limit exposure to unwanted internet traffic by implementing a firewall and only opening the specific ports necessary to run your business. Server operating systems, such as Microsoft Windows Server, offer security tools to disable unnecessary ports, services, and roles. One may also add an additional layer of security by segmenting their network using a DMZ for external facing services such as email, web, and DNS servers.

Finally, many SMB's may find that a managed services provider (MSP) or cloud provider is a stronger, more cost effective method to securing their sensitive business data. MSP's and cloud services bring enterprise-class security practices to your mission critical systems, without the overhead or expertise required to implement such technology in your own systems. Are you ready to minimize network vulnerabilities that have direct implications on your business? Please consider Security Consulting Services from Aventis Systems. We offer assessment and testing services to proactively identify threats, provide and implement security best practices, and provide training for in-house personnel.



Was this article helpful?

Comments:
 

Related Articles
 > Doc. I Don’t Feel Good. I Will Tweet You My Symptoms!
 > IT is the biggest stolen asset from businesses. Where do you keep I.T.?
 > Platinum is I.T.’s Best Friend
 > What’s In Your Datacenter?
 > Warranty, It’s Easy as 1, 2, 3
 > A Clouded Space
 > Small Business Recruiting Tips for an Improving Economy - Part I
 >
 > Small Business Recruiting Tips for an Improving Economy - Part II
 > Boosting Productivity in Virtual Machines
 > Dell PowerEdge Server Advancements: R720 vs R710
 > Saving BIG Money With Hardware Configuration & Maintenance
 > Smart Startup Funding Strategies From a Seasoned CEO
 > HP ProLiant Server Advancements: DL380 G7 vs DL380p G8
 > Resell, Repurpose, Recycle, & Donate! The Right Ways to Decommission Technology.
 > Is Now the Right Time for SMBs to Fully Embrace the Cloud?
 > 3 Tips to Optimize Your SMB IT Infrastructure
 > Virtual SAN 101
 > Which RAID Array is Best For Your Applications?
 > DAS, NAS, or SAN? Storage Interface Options for All Business Types
 > How to Protect Your Business from Cyber Attacks
 > Avoid Data Loss Panic with a Solid Data Recovery Plan
 >
 > Think Outside the (Storage) Box for Your Disaster Recovery Plan
 > Why Consider Virtualizing Your Network?
 > 2014 in Review: IT Tips & Trends
 > Putting a Price on Critical Business Data
 > Company Culture Trumps All
 > Microsoft Windows Server CAL Licensing Summary
 > Transforming Small & Mid-Size Businesses with Dell PowerEdge Servers
 > Transforming Small & Mid-Size Businesses with Dell PowerEdge Servers
 > Which Dell Server Generation Is the Right Fit?
 > Your 2015 Cloud Computing Roadmap
 > Team Necessities for Successful SMB CEOs
 > Dell PowerEdge 11th Generation Servers for SMBs (R710, R610, T610)
 > Dell PowerEdge 12th Generation Servers (R720, R620, T620)
 > Which Cloud Platform is Best for Your Small Business?
 > Dell PowerEdge 13th Generation Servers (R730, R630, T630)
 > Top 3 Cloud Best Practices
 > Selection Tips for Office 365 Education Plans
 > Choose the Right Server for Your SMB
 > Office 365 Licensing Guidance for Government Agencies
 > Go Green: Properly Dispose of IT Equipment [Infographic]
 > Software to Power Your Business
 > Networking for SMBs: Setting Up Your IT Network
 > The Tech Savvy CEO - Helpful Advice to Handle IT
 > Personal Computing for Your SMB