Best practice for IT security: How to build a company that's secure from the inside out against cyber attacks

 
Richard Walters
Cybercrime
"As people stay longer with a company, they get more comfortable" (Source: Getty)

Not a day goes by without data leaks, hacked email accounts or compromised corporate networks hitting the headlines. The topic has become the new front line for businesses - a battleground between malicious hackers and security experts that shows little sign of stagnation.

Businesses are investing billions every year defending against external attacks and protecting their assets. But any defence is only ever as strong as its weakest link and for every organisation, this is their staff.

There is no greater risk to sensitive company information than human error or negligence. The director of the CIA could tell you a story or two about this, having recently been hacked after downloading confidential information onto his private email account. An unusual lapse for someone who has worked with the intelligence services for nearly 40 years.

Read more: We have to prepare our youngsters for cyber battle

A company's longest-standing and most loyal employees also pose the biggest IT security threat, as revealed in a new report on an organisation's riskiest users. As people stay longer with a company, they get more comfortable.

They become complacent, because they’re still doing the same job even as IT and technology are advancing around them. Tenured employees are most likely to neglect IT security guidance by using personal passwords for business applications and keeping hard copies of their passwords, increasing the likelihood of intruders gaining access to the company systems.

Ironically, those employed to keep watch and ensure a company's IT security is tight are the worst offenders. IT generally has the poorest security habits of any department within a company.

Read more: One in five cyber crime victims believe hackers targeted them specifically

But while these results are concerning, there are steps that UK businesses can take to reduce the risk of falling victim to insider breaches. Employees are a company's first line of defence but they also need to be aware of the security threats out there in order to avoid them. Staff training should be constantly refreshed to ensure it stays in line with evolving threats.

Equally, companies need to stay on top of the game themselves and implement dynamic security policies that evolve in step with technological advancements. This approach will give employees clear guidance on what they should and shouldn't be doing. Finally, users should always only have access to documents that are in direct relationship to their function and role. If disaster strikes, intruders won't get very far and the data at the very heart of the business is still protected.

IT security best practice clearly can't just rely on fending off external threats alone. Companies also need to put stronger emphasis on internal threat prevention in order to build a business that's secure from the inside out.

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.

Related articles