An employee receives a tele-meeting invitation from the company's president where they are required to input credentials to access the conference; the link was a phishing attempt and now an outsider has access to corporate networks and proprietary materials.
According to a report issued earlier this year from the Ponemon Institute, independent researchers on consumer trust, privacy and data protection, 62% of insider attacks come from negligent employees. And that was before the pandemic. Now, with vast numbers of staff working from home, careless employees may open new vectors for attack. To simplify tasks, workers may bypass security policies or they may not understand how to translate workplace procedures to the home environment.
Over the past few months, IT departments have been overwhelmed by the proliferation of COVID-19 related hack attempts and the mandate to secure a remote workforce. With reduced monitoring of employee activities along with mounting psychological stress and economic uncertainty, there is an increased possibility for an attack by a malicious insider. In a world that has been turned upside down by the pandemic, some employees may be feeling isolated from workplace structure and colleagues, which may further increase the possibility of inclined workers to go rogue.
Updated training delivered to all workers is a key strategy for mitigating insider threats – both from negligent employees and those with malicious intent. Working together to increase the security of a company’s intellectual property and sensitive information can become a uniting factor for today’s distributed workforce. In these unusual times, people are looking for guidance and employers have an opportunity to focus their attention on understanding and adhering to information security procedures and company policies regarding insider threats.
Click here to learn more about Insite’s COVID-19 Modular Workforce Training.