And What You Can Do About It
In June, 2018, Tesla CEO Elon Musk announced that one of Tesla’s own employees had been sabotaging the company’s software operating system and had stolen data for “unknown third parties.” The idea that an employee would hurt the company—it’s every CEO’s nightmare. It’s a reminder of how vulnerable companies can be, even to our own staff. Let’s discuss a few of the most common ways that employees intentionally (or even unintentionally) can wreak technological havoc for a firm.
Malicious Software, commonly known as “Malware,” includes any piece of software meant to damage a computer, delete data, or otherwise infect your device. Viruses, Trojan horses and Worms are types of Malware that can be downloaded onto a computer via a single click on a link, whether embedded in an email or a website. If your browser security isn’t sufficient, Malware can even be installed automatically, without the user aware it is happening.
And once Malware has been installed, it’s difficult to remove—especially replicating types like Worms—and may require a rebuild of your entire system.
However, Malware attacks can be prevented through a network security scanner. Training employees to be aware of these programs and to avoid clicking on links from unknown sources, paired with internet security programs, can also help avoid Malware attacks.
An employee could use external media, such as an USB or CD, in an act of cyber-sabotage. For example, an employee could use a USB for a “keystroke injection attack,” when a program secretly records every keystroke made on a computer. It then sends a report with all the typed-in information, like user names, device identification and much more.
Many organizations ban USB drives altogether, but if they’re critical for your company, you can train your employees to use only known devices and avoid ones given out at trade shows or left lying around in the office. Virus scanners can also be installed on employee computers to check devices.
Every time employees leave the workplace with a networked-phone, they walk out with access to company email, attachments, personal data and more. To combat the risk of exposure, companies should require that phones be password protected. Consider encrypting email and other sensitive data, and limiting access, or creating user logs. Enable a remote wipe feature, so that if a phone is lost or stolen, the data can be removed immediately.
Whether from internal or external threats, if you are concerned about network exposure or even physical security, contact us at Embark IT. Our staff of experts can evaluate your firm for any vulnerabilities and suggest new tech or other tools to protect your firm, so you can focus your attention where it should be: on innovation and growth.