2014 was filled with headlines about cyber breaches and data leaks, from the data breach at Neiman Marcus to the hack at Sony Pictures Entertainment. The Online Trust Alliance, a nonprofit group, studied over 500 data breaches that occurred between January and June 2014. Their findings showed that 90% of the data breaches that occurred in this time period could have been prevented.
According to the OTA’s 2015 Data Protection Best Practices and Risk Assessment Guide, 29% of data breaches between January and June last year were caused by employees. Although 40% of data breaches were caused by external intrusions, employees also maliciously and accidentally leaked personal information. According to the OTA, a lack of internal controls resulted in the data leaks caused by employees who lost documents, or used social engineering/fraud to access and leak information.
The OTA says that businesses forget to focus on basic internal security because they are overwhelmed with the news of external threats. One way to keep data secure is to partition user accounts and prevent them from accessing all data. Employees should only be able to access the data they need to do their jobs. This is to prevent employees from accidentally sharing confidential information, but this also keeps a company’s data safe if the employee acts maliciously. Earlier in January, an employee at Morgan Stanley stole confidential data from the 350,000 clients and offered the information up on Pastebin for a price.
Another way to keep data secure is by educating employees about phishing scams. Phishing emails that look like they come from a trusted source often trick people into entering their log-in information, or clicking on a link that downloads a virus. Last March, Gmail users received an email titled “Documents” that led to a fake Google Drive landing page. The page looked authentic and users were tricked into entering in their email IDs and passwords. According to Google’s study on phishing scams, 45% of people are fooled by phishing emails.
Promisec Integrity leverages the flexibility and scalability of the cloud to offer businesses cyber security that will not only protect from them from external threats, but internal as well. Promisec Integrity’s multitenant cloud security solution offers the same agentless functionality as Promisec Endpoint Manager, but through a browser interface. Businesses can enable antivirus and patch management validation, and use the program to discover unauthorized software on their networks. This will help companies monitor the programs that employees are installing on their computers. Employees may accidentally install unsafe software, or run software that needs a patch update. Promisec Integrity can identify this unauthorized software, along with advanced malware and non-compliant systems. Poor endpoint security can compromise a company’s confidential data. With Promisec Integrity, companies can monitor their networks for threats and ensure that their networks are protected from both internal and external threats.