As the world becomes more and more digitally connected in our personal lives, our businesses, and even our schools, it’s no surprise that new risks are arising. It’s easy to think about the external threats that find their way into our networks and computers, as hackers and data thieves are finding sophisticated ways to pilfer what they need.
But what about internal threats? According to research, more than 40 percent of senior executives and small business owners report that employee negligence or accidental loss was the main cause of recent data breaches and security problems within a company. More companies are realizing the importance of practicing better technology habits as well as data security, cyber liability insurance, and education around protecting information and resources.
Here’s a look at a few different types of negligence issues that can arise as well as a look at some recent internal problems that opened the door to major security breaches in corporate America.
Innocent Actions
Not all internal culprit problems happen because someone is out to get the company they work for. In fact, innocent workers can cause as much damage as malicious actors who steal information or resources from a company. Human error, even small errors, have led to many data breaches and security issues over the years, highlighting the need for more education around this. From mobile phones being lost, letters being misaddressed, to open cabinets that hold sensitive data, there are a number of simple things that can lead to big problems.
Being Careless
Anti-virus security notifications are needed for a reason as a majority of them go unnoticed or are acted on. When a security warning flashes up, employees should be trained to look into them and inform the right person besides just clicking “X” and moving on. Ignoring these notifications and warnings could lead to some major breaches. Even just leaving your company’s door wide open could mean more and more problems like having records available for anyone to see online.
Malicious Intent
Malicious actions by employees have always played a role in companies seeing big-time breaches and security concerns. In some cases, former employees can gather data either at once or over time, causing a bleeding out of important information. This is where cyber liability insurance can help a company who is affected by this kind of breach after the fact, helping to supply the right kind of protection to get back not only the financial loss obtained but the reputational loss.
Examples of Major Breaches
- Target: In 2013, retail giant Target fell victim to a major third-party credential theft by a credit card vendor. The credential access allowed by negligent employees let the hackers take advantage of vulnerabilities in Target’s payment systems and gain access to a customer database and install malware. From there it was simple for the hackers to obtain things like social security information, financial data, emails, addresses, and more.
- RSA: In 2011, employees of security firm RSA clicked on targeted phishing emails which led to a massive dump of more than 40 million employee records. Two hacker groups with a foreign government sent out a phishing attack at RSA employees, pretending to be co-workers and contacts who could be trusted. The irony here is that RSA was widely-known as a top security vendor. The attack showed that any company, in any industry, can succumb to employee negligence issues.
About Financial Guaranty Insurance Brokers
Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.