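A few months ago, the FBI charged a former government contractor with the largest security breach in US history. The former NSA contractor admitted to stealing more than 50 TB of agency documents. Unfortunately, this insider attack is not the first, and it will not be the last.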
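GOOHO is the leading background and identity services provider in the Asia-Pacific region. Our mission is to make the world a safer place. Get in touch with us to learn how we can partner with you to hire with confidence.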
According to a new study conducted by BetterCloud, the biggest security threat to your business likely isn’t a cybercriminal or hacktivist, but someone already in your organisation. The vast majority (91%) of the 500 IT and security professionals surveyed said they feel vulnerable to insider threats, whether their acts are malicious or accidental.
Any form of data loss can be costly to the organisation. Imagine if a malicious employee leaked your trade secrets to a competitor or disclosed your customer records online. Cyber-attacks can damage consumer confidence and shareholder value. How can you prevent employee data thefts?
Organisations are tightening security policies to prevent cybercrime, but insider threats can be hard to detect. The motivations for insiders to carry out malicious attacks vary.
Here are three HR-focused tactics to help you reduce insider threats:
#1 Know how you hire. You can minimise employee risk by undertaking the right level of due diligence. A thorough background screen can reveal red flags such as dubious qualifications or termination from a previous employer due to misconduct.
#2 Know your employees. 60% of employers interviewed in the NAPBS survey only conduct background checks during the hiring process. Pre-employment screening captures a moment-in-time snapshot of a person’s financial and professional background. Rescreening is good practice, especially when you promote employees in higher-risk functions such as IT, procurement and HR where typically they’ll have access to sensitive data and systems.
#3 Extend screening policies. Employees are not the only insiders who have access to confidential information. Contractors and business partners may also be putting your data and systems at risk. By 2022, 64% of employers surveyed by the World Economic Forum for The Future of Jobs Report 2018 are likely to outsource work to external contractors. To protect your company, do consider screening policies that include your extended workforce.
Sterling RISQ is the leading background and identity services provider in APAC. Our mission is to make the world a safer place. Get in touch with us to learn how we can partner with you to hire with confidence.