Mary is an office manager for a dental practice. One day she opened an attachment in an email called “lab invoice”. This unleashed months of devastating stress, downtime, financial loss and decreased patient confidence. Today’s ransomware can both steal and delete your data.
Cybercriminals know how to trick you and your team, and they’re getting even better at it during the pandemic. Dental data breaches are happening every day and it’s hard for dentists and their teams to keep up.
Social engineering is a tactic used by online scammers to trick people into giving over their credentials, personal or business information, or access to computers and data.
Today more than ever, the bad guys are winning. Your employees are being challenged, especially via email, and those team members can be liabilities to the safety of your business data.
They are master storytellers, preying on our good-heartedness, emotions, or fear. As much as 90% of successful breaches are a result of phishing emails where social engineering tactics have been used. With these stats, this most certainly makes our employees a threat, even if they are good people with good intentions.
Just look at the CIRA State of the internet reports.
But what about if they don’t have good intentions? And how would you know?
Internal breaches can be intentional or unintentional. Insider threats can be malicious (deliberately causing damage) or accidental (making mistakes, forgetting to secure something, or otherwise accidentally causing damage).
They can be anyone.
It’s not just the everyday employees or higher-ups! An insider threat may be a contractor, a consultant, a vendor or a former employee.
They may have different motivations.
Money may not be the only obvious motivation. Malicious insiders may be motivated by perceived slights, political or religious leanings, job dissatisfaction or revenge.
They may act out of the ordinary.
They seek to work unusual hours, ask for access to restricted information or brag about sudden, mysterious financial windfalls.
Sometimes they will violate policies.
Insiders violate policies by definition, either knowingly or unknowingly. Policies are put in place to protect customers, data and the company, and an insider’s damage to the company will violate those policies.
Create and enforce security policies and procedures.
Accidental insiders can cause breaches not through malice, but because they make mistakes. Following established procedures, and noticing when procedures aren’t followed by others, can prevent potential mistakes. Here’s help.
Report suspicious behavior. If someone is acting suspicious or dangerous, management needs to know. Share your concerns with your supervisor. By reporting small signs, you could stop a problem before it becomes a disaster.
Practice good physical security and cybersecurity.
Maintain a clean environment, lock up sensitive documents and password-protect and encrypt important files.
Ensure everyone has unique login credentials for auditing purposes. Only use remote access tools which have reporting and audit trails
Know the signs of a disgruntled employee.
Is someone picking fights with coworkers or angling to get fired? A disgruntled employee is one who may become an insider threat.
Get training for both your team and especially you managers.
Todays cyber threats are coming at small businesses from every angle. It’s true you need great policies and procedures, but annual security awareness training is critical to ensure your team can defend your data.
Anne Genge – Certified Privacy & Cybersecurity Professional
Her motto ‘no geek speak’, coupled with her humour and great story-telling, has made Anne one of Canada’s leading cybersecurity and privacy educators. Anne has dedicated her career to helping healthcare practice and small business owners understand technology, how to leverage it, and more importantly, how to do it safely. Over her 20+ years as an educator and tech innovator she has earned global awards for her efforts. Anne keeps the client as her ‘true north’ in how she creates affordable and effective tools and training for privacy & data security. Anne is on a mission to help everyone understand online threats and be able to defend themselves at home and at work when using technology. Reach out to Anne for speaking engagements, training, and consulting.
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn