Should You Trust Your Employees with the Keys?

Every company has data that is valuable to someone, and that means every company is at risk for data theft. It isn’t a question of “if” – it is a question of when the next attack will occur. Unfortunately, the most common method of gaining access to sensitive information is through your employees. After all, every employee with a phone or computer has the keys to your business. The good news is that comprehensive prevention methods can be implemented to thwart most attacks – but only if your staff members commit to security measures.

Common Data Theft Techniques: Who’s at Risk?

While most of your staff members wouldn’t knowingly risk your company’s confidential information, sophisticated scammers have developed creative ways to trick them into allowing network access. Social engineering fraud is all too common. The data thieves send an email or make a call that appears to come from a legitimate source – a senior leader, a member of the IT staff or an HR contact – then use the assumed name and position to persuade employees to hand over sensitive data.

Even tech-savvy employees can fall victim to one of these schemes, as they are designed to pressure targets into quick action before there is time to validate the request. For example, hackers posed as the CEO of Snapchat to fool a payroll employee into handing over employee tax data. They were successful, because the email emphasized an urgent need for the information and the employee failed to confirm the authenticity of the request in a rush to provide the information quickly.

In recent months, a sophisticated phishing attack showed Gmail users how easy it is to hand over information to criminals without a second thought. The scheme generates an email from one of the victim’s contacts, using a fake attachment to fool people into entering user ID and password information into a realistic but fake Gmail login page.

Penetration Testing: Hiring Skilled Professionals to Steal Your Data

Though it can seem counter-intuitive, paying someone to steal your data is an important part of your comprehensive security plan. Professional penetration testers pull out all of the stops to test your security measures, making their best effort to gain access to sensitive information. They use detailed knowledge of hackers’ methods to duplicate their techniques, learning exactly where your company is vulnerable. The benefit of this service is simple: once the experts have found any weaknesses, you have an opportunity to implement a fix before the issue is discovered by an outsider who means you harm.

Taking Action: Identifying and Mitigating Risk

Of course, your investment in penetration testing is money wasted if you don’t take action on the findings. First, share the results with staff members. Most will be shocked by how easy it was to be a victim of a data theft scheme, and you will have their commitment to preventing future attacks. An analysis of employees’ knowledge gaps should lead to retraining on missing skills, followed by additional penetration testing over subsequent months to ensure that skills have improved.

Xact IT Solutions offers advanced network security services for small and medium-sized organizations. We are a Philadelphia-based technology services company that provides advanced business IT support. Our skilled professionals are available 24 hours a day to ensure you have the support you need anytime, day or night, so you can focus on running your company.