Don’t underestimate your employees

Danger lies within.

It’s amazing that despite all the hiring practices businesses use to make sure they get the best employees; trouble always reveals itself within a company more often than not.

Take this recent McAfee survey, for example, which found that not only are businesses experiencing more targeting by cyber-attacks from outside the companies themselves, but that employees are also an increasing source of these attacks.

One the one hand, this isn’t really anything new. The KPMG fraud surveys have shown Australian business owners for years that plenty of businesses leave themselves open to this type of exploitation.

Some of the statistics are alarming. The average financial fraudster is a male, in his 30s, works in management and has been at the company for several years. He’s trusted. Not someone you would expect taking away millions of dollars. And yet, as famous cases have shown, this is exactly what happens.

Now, when it comes to the IT infrastructure in your company, how does internal fraud pay a part? What does this McAfee survey have to say about your own company?

At first thought, it’s a ridiculous notion. Business owners say there’s no way that any of their employees could conduct a cyber-attack of some kind. And you know what? They’re right. They probably couldn’t.

But it’s important to remember that “cyber-attacks” come in all shapes and forms, and someone attacking the business from the inside isn’t going to take down the website. After all, why would they? It would more than likely give them away.

No, the cyber-attacks coming from within your business are likely to be people who want cash. They’re exploiting weaknesses in the company’s system in order to find information that could benefit them. As a result, they’re stealing login details, accessing credit card information and then possibly using that for whatever purposes they want.

What does this mean? For SMEs, security inside the company needs to be taken just as seriously as security outside the business. This means keeping a strict detail of who can access what, and at what times. Any time anyone accesses a database, you need to be able to find out about it.

It’s tempting to look at these types of statistics and think they are an exaggeration. But if financial fraud statistics have taught businesses anything, it’s that employees with an opportunity may find a motive. You don’t want to take that chance.

COMMENTS