While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous and equally damaging source: their own employees.
According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors. To the unknowing employee, a simple click of the mouse could expose information or clues to those looking for an opportunity to breach even the most high-tech security systems.
In response to this staggering risk, banks have developed a number of “internal” cybersecurity protections designed to guard against the unmindful employee, including a ban on all portable USB drives, as such devices can be easily lost or stolen. Employees are now warned to monitor their social media content and to avoid sharing their job title or responsibilities, as hackers can use this information to assess ideal avenues for attacking the system. Moreover, “out-of-office” messages are to be used sparingly within email systems, as they alert hackers when a computer may not be monitored and is therefore an easy target. Banks are also warning employees to avoid photographing work documents on mobile phones, as these photos can be uploaded accidentally, remotely accessed by hackers, or left unprotected should the phone itself be stolen. Finally, banks are working diligently to protect the unwitting employee from emails containing “spear phishing attacks,” which take place on a daily basis. Due to the gravity of such hacking attempts, many banks run employee drills to measure response rates and test employees on their ability to catch such suspicious emails.
As attackers continue to exploit new means of access to sensitive information and systems, we should expect to see increased spending in the upcoming year not only on external cybersecurity protection but also on internal protection, including protection from employees' own actions.