The last year has been a phishing and ransomware whirlwind.  A little less than a year ago, we talked about how more than 150,000 businesses had been targeted by ransomware, and the ransom demands were rising to upwards of $5,000.  Since that time, ransomware has gone from a novel, highly technical concept to a $400 purchase which people with relatively little technical skill can deploy to a list of email addresses.  With so many ransomware emails showing up in inboxes, it’s easy to forget that internal network security threats are serious, too.

Despite these external threats, it’s only been two years since Intel released their report on data breaches which found that 43% of all data loss was due to internal actors.  Half of this 43% was intentional data theft from employees or contractors.  The other half of the data theft was unintentional, such as taking customer information off of the corporate network and onto their personal devices because employees don’t know better or don’t believe data security policies are important.

Keeping your data safe is more than preventing phishing attacks and other external threats; it’s also about managing your internal threats.  Here are three things you should be able to say about your network administrators in order to feel confident that they are doing what can be done to keep your data safe:

My network administrators are ethical and strongly disincentivized from data theft or misappropriation.  Network administrators have unparalleled access to your company’s data.  Anyone serving in this capacity needs a demonstrated track record of keeping important data safe and respecting confidentiality.  Ideally, multiple network administrators can serve as a check on each other, ensuring they aren’t accessing data in any suspicious ways.  If you are hiring a Managed Service Provider, those with established reputations and dozens of employees have much to lose, which helps to ensure they will have checks in place to prevent bad behavior.

My network administrators are up-to-date on best practices for keeping proprietary data from leaving my network.  Tools to keep data where it belongs are becoming more and more sophisticated over time.  Networks can be designed to prevent data from migrating off the network, and user policies can be set to ensure data security.  That’s not to say data migration will always be prevented; security and accessibility often come up against each other in businesses, and many businesses will choose to provide employees some flexibility on how they use and access less sensitive data in order to help those workers be more efficient.  But network administrators should stay up to date on the many options available to businesses to best balance security and accessibility for data with different levels of sensitivity.

My network administrators have trained my employees on data security policies and why they are in place.  Remember that half of all internal data theft is accidental, such as an employee taking customer information off of the corporate network and onto their personal devices because they don’t know better or don’t believe data security policies are important.  This is why it’s also important to ensure that your network administrators are training users on your data policies.  Just as important, they should be explaining why they exist, and how the company (and its employees) could be hurt if data is stolen and used against the company.  Users are much more likely to adhere to data policies rather than try to work around them if they understand and respect the reasons those policies are in place.

To learn more about what you should be doing to keep your data safe, call us at 919-779-0954 or email Team_WingSwept@WingSwept.com