Insider Threats Are Getting More Dangerous! Here’s How to Stop Them
One of the most difficult types of attacks to detect are those performed by insiders. An “insider” would be anyone that has legitimate access to your company network and data. This would be via a login or other authorized connection.
Because insiders have authorized system access, they bypass certain security defenses. Such as those designed to keep intruders out. Since a logged-in user isn’t seen as an intruder, those security protections aren’t triggered.
There are three troubling statistics from a recent report by Ponemon Institute They illustrate the importance of addressing this threat. Insider attacks are getting worse, taking longer to detect and becoming more extensive.
The report found that over the last two years:
It’s important for companies to understand what makes up an insider threat. That’s the first step towards mitigation.
One reason that insider threats can be hard to detect is that there is not just one kind. Employees, vendors, and hackers can all perpetrate insider security breaches. To further complicate detection, some may be malicious and others accidental.
Here are the four main types of insider threats faced by company networks.
A sales employee that is leaving the company may decide to take all their contacts with them. This is a malicious theft of company data.
Another example of this type of insider attack is a disgruntled employee. They may be upset with their manager who just fired them and decide to do the business harm. They could plant ransomware or make a deal with a hacker to give over their login credentials for cash.
Some insider threats are due to lazy or untrained employees. They don’t mean to cause a data breach. But may accidentally share classified data on a non secure platform. Or they may use a friend’s computer to access their business apps. Being completely unaware of the security consequences.
Outsiders with access to your network are also a very real concern. Contractors, freelancers, and vendors can all constitute an insider breach risk.
You need to ensure that these third parties are fully reviewed. Do this before you give them system access. You should also allow your IT partner to review them for any data security concerns.
Compromised login credentials are one of the most dangerous types of insider threats. This has now become the #1 driver of data breaches around the world.
When a cybercriminal can access an employee’s login, that criminal becomes an “insider.” Your computer system reads them as the legitimate user.
Insider threats can be difficult to detect after the fact. But if you put mitigation measures in place you can stop them in their tracks. Being proactive keeps you from suffering a costly incident. One that you may not know about for months.
Here are some of the best tactics for reducing insider threat risk.
When hiring new employees make sure you do a thorough background check. Malicious insiders will typically have red flags in their work history. You want to do the same with any vendors or contractors that will have access to your systems.
Mobile devices now make up about 60% of the endpoints in a company. But many businesses aren’t using a solution to manage device access to resources.
Put an endpoint management solution in place to monitor device access. You can also use this to safelist devices and block unauthorized devices by default
One of the best ways to fight credential theft is through multi-factor authentication. Hackers have a hard time getting past the 2nd factor. They rarely have access to a person’s mobile device or FIDO security key.
Couple this with password security. This includes things like:
Training can help you mitigate the risk of a breach through carelessness. Train employees on proper data handling and security policies governing sensitive information.
Once someone has user access to your system, how can you catch them doing something wrong? You do this through intelligent network monitoring.
Use AI-enabled threat monitoring. This allows you to detect strange behaviors as soon as they happen. For example, someone downloading a large number of files. Or someone logging in from outside the country.
A layered security solution can help you mitigate all four types of insider threats. We can help you with a robust yet affordable solution. Contact us today for a free consultation.
Article used with permission from The Technology Press.
Microsoft 365 is the most popular of all major office productivity software. It has 48.8% of the global market share, just edging out Google’s apps, by a couple of percentage points.
It’s used by individuals, small & mid-sized businesses, and larger enterprise organizations. It does everything a modern office needs. Including from word processing and spreadsheet work to cloud storage and video conferencing.
Because Microsoft 365 is such a vast platform, with over 20 apps in total, it can be easy to miss helpful features. People tend to stick with what’s familiar. But this often causes them to miss out on time and money-saving bonuses in M365, beyond the core apps.
Some of the many apps you get, depending on your subscription plan, include:
Want to get more value from your subscription? We’ll go through some of the most helpful apps and features in Microsoft 365 that you may now know about
We’ve all been there at one time or another. You know there is a way to do something in an app, but you can’t find it in the menu. For example, trying to change your margins in Microsoft Word to give you more space on the page.
You can stop wasting time clicking through one tab after another, and instead, use the search box at the top. It’s not just for searching for help topics. You can use a search to quickly jump to settings like margins, page orientation, and many more.
Most businesses need to have nice-looking images from time to time.
They’re used on websites, brochures, and presentations. But finding good business images can be expensive.
You can’t just do a Google search to find them because they may be copyrighted. You need to have images that you can use commercially without any problems.
Inside the Word, Excel, and PowerPoint you have a treasure trove of images. These are free to use in your marketing. You also have videos, icons, and even 3D models, all there for the picking.
Find them by going to Insert > Pictures > Stock Images
Use the tab at the top to tab between the different media. Then, click to insert it directly into your document, spreadsheet, or presentation.
Researching things like the population of a city or the nutrition value of a new menu can take days. Did you know that inside Excel you have access to several databases?
You can leverage facts and figures stored inside Excel’s “data types.” They include topics on everything from chemistry to yoga poses. Use data types to populate tons of data in seconds for various topics.
· Start by adding your list (e.g., a list of menu items).
· Highlight your list.
· Then, click the Data tab.
· In the Data Types window, choose the type of data it is (e.g., Food, Plant, etc.).
· Next, click the small database icon that appears at the top of the list.
· Choose the type of data you want.
· The details will populate into the next open column on the right for each list item.
Microsoft Forms is one of the best-kept secrets of M365. This cloud-based survey and form builder makes it simple to send out surveys to people. You get the results back as soon as they click “submit” on the cloud-based form.
You can even download the results directly to Excel. Using them for graphing or uploading them into a software template.
Do you worry when it comes time to give a presentation to clients or your own team? Not everyone feels comfortable about public speaking, even if it’s virtual.
PowerPoint can help with a handy AI-powered feature called Presenter Coach. Turn this coach on when practicing your presentation. It will give you tips on your pacing, use of filler words (e.g., umm), repetitive language, and much more!
Look for the “Rehearse with Coach” option on the Slide Show menu.
Do you have certain emails you send to customers that have the same paragraphs of text in them? For example, it might be directions to your building or how to contact support.
Stop retyping the same info every time. Outlook has a feature called Quick Parts that saves and then inserts blocks of text into emails.
· Create a Quick Part by highlighting the text to save in an email.
· On the Insert menu, click Quick Parts.
· Save Quick Part.
When ready to insert that text into another email, just use the same menu. Then click to insert the Quick Part.
Keyboard shortcuts are great for saving time. But there’s not always one there when you need it. One handy keyboard shortcut to add for MS Word is to paste as text only. This method removes any formatting that copied text might have had so your document isn’t messed up.
Here’s how to make a keyboard shortcut for this:
In Word, click File > Options.
Microsoft 365 has many security-enhancing, time-saving, and dollar-saving features. Learn how else we can help by scheduling a consultation today.
Article used with permission from The Technology Press.
Cloud file storage revolutionized the way we handle documents. No more having to email files back and forth. No more wondering which person in the office has the most recent copy of a document.
Between 2015 and 2022, the percentage of worldwide corporate data stored in the cloud doubled. It went from 30% to 60%. A majority of organizations use cloud storage of some type. Typical services include OneDrive, Google Drive,
Dropbox, and others.
But just like the storage on your computer’s hard drive, cloud storage can also get messy. Files get saved in the wrong place and duplicate folders get created. When employees are sharing the same cloud space it’s hard to keep things organized. Storage can be difficult to keep efficient.
Disorganized cloud storage systems lead to problems. This includes having a hard time finding files. As well as spending a lot of extra time finding needed documents. It’s estimated that 50% of office workers spend more time looking for files than they do actually working
Has your office been suffering from messy cloud storage? Does it seem to get harder and harder to find what you need? Review the tips below. They include several ways to tidy up shared cloud storage spaces and save time.
One person in an office might choose to name a folder by client name. Another person might use the type of industry.
When people use different naming structures for folders, it’s harder for everyone. They often can’t find what they need. It also leads to the creation of duplicate folders for the same thing.
Use a universal folder naming structure that everyone follows. Map out the hierarchy of folders and how to name each thing. For example, you might have “departments” as an outer folder and nest “projects” inside.
With everyone using the same naming system, it will be easier for everyone to find things. You also reduce the risk of having duplicate folders.
When you have too many folders nested, it can take forever to find a file. You feel like you must click down one rabbit hole after another. When people need to click into several folders, it discourages them from saving a file in the right place.
To avoid this issue, keep your file structure only two to three folders deep. This makes files easier to find and keeps your cloud storage more usable.
The more folders people have to click into to find a document, the more time it takes. Folders can quickly add up as employees create them, not knowing where a file should go.
Use a rule for your cloud storage that restricts folder creation to 10 files or more. This avoids having tons of folders with less than a handful of files in them. Have someone that can act as a storage administrator as well. This can then be the person someone asks if they’re not sure where to store a file.
File storage can get disorganized fast when people save files to a general folder. We’re all guilty from time to time of saving to something general, like the desktop on a PC. We tell ourselves that we’ll go back at some point and move the file where it should be.
This issue multiplies when you have many people sharing the same cloud storage space. Files that aren’t where they belong add up fast. This makes it harder for everyone to find things.
Promote the slogan “take time to save it right” among the staff. This means that they should take the extra few seconds to navigate where the file should be to save it. This keeps things from getting unmanageable. If you use a file structure that’s only 2-3 folders deep, then this should be easier for everyone to abide by.
Use Folder Tags or Colours for Easier Recognition
Many cloud file systems allow you to use colour tagging on folders. Using this can make a folder or group of folders instantly recognizable. This reduces the time it takes to find and store files.
For example, you could colour all folders dealing with sales as green. Folders for marketing could be orange, and so on.
The brain can make the connection to a topic faster when you look at a colour than when reading through text.
Files get created at a dizzying pace these days. The more files you add to a cloud storage system, the harder it is to sort through to find what you need. This is true even if the file storage is well organized.
Keep older files from making it harder to find new ones. Do this by decluttering and archiving on a regular basis. This involves having an admin delete any unnecessary files once per month. For example, duplicate files or old draft versions of a document.
You should also have an archiving system in place that puts all older files in one big archive folder. This keeps files that aren’t actively used any longer out of the main file path.
Is your cloud storage doing what you need it to do? Do you have a disconnection between cloud storage and your other apps? We can help. Reach out and let’s chat.
Article used with permission from The Technology Press.
Copyright © 2022 Oak MSP. All Right Reserved.
hello@oakmsp.co.uk ❘ Tel. 0115 6971 903
Suite 2800 37 Westminster Buildings, Theatre Square, Nottingham, United Kingdom, NG1 6LG
Company Number 14369745, VAT Number GB 427 1161 22