Channel: Compliance – BACKBOX BLOG
Gone Phishing: How the C-Level Exec Rocks the Cyber Security Boat

When you think insider threat, you probably visualize the worker who got fired for missing 11 straight days of work and then threw a temper tantrum in the hallway when informed that they no longer had a position of employment there. Or, you might think about the rather sneaky soul who just appeared in the parking lot with a brand new Mercedes (though their W-2 indicates they make about $44,000 per year) and a Rolex watch. But those aren’t your most significant threats. The real problem you have is — wait for it — your loyal and trusted (and trustworthy) CEO, CFO, and other top-level execs. Here’s why.

Executives Have a High Level of Access

The executive has the keys to all the kingdoms. The only problem with this is when those keys get stolen.

The first thing that puts executives in the crosshairs of attackers and phishing scam artists is their level of access. Unlike the grunt workers who may have access to only a single system to do their jobs, no IT person who likes their paychecks would dare block the top dog's access to any system. When hackers get access via these accounts, they literally have no-holds-barred access to the system.

Executives May Be Unaware of Company and IT Policies

While workers are drilled day in and day out on the rules and policies for system access, the executive is not. Executives may not even be aware of policies regarding mobile device access, password strength, the use of the same password for multiple accounts, and other issues that are imposed on the other workers.

Executives May Be Ignorant of Ordinary IT Practices

Executives are well versed in closing deals, public relations, and how to yell at people who don’t do their jobs. Tech security? Not so much.

Executives are usually not tech-savvy. Their strength is in effective leadership and they likely have an impressive body of knowledge about the industry you’re in. But they probably don’t have a good understanding of the standard IT practices that keep systems safe and secure from outside intrusion.

Executives are Easy Prey for Social Engineering

Executives today are expected to have all of the social media profiles — LinkedIn, Twitter, and even Facebook accounts are the norm. Many also have Wikipedia pages, especially if they work for a notable company or if the business has landed in the headlines at any time. These profiles give the executive an “approachable” public persona and provide the corporation with a human face. They also provide the hacker or identity thief with all the information they need to social engineer an effective phishing scam.

Executives are Frequent Travelers

Executives are also the most likely (aside from perhaps your traveling sales force) to find themselves in hotels and motels, on public Wi-Fi hotspots at cafes and restaurants, and in areas of the world where hacking and thievery are even more problematic.

Executives Lack Accountability

Who is going to tell the top executive what (s)he can or can’t do? Probably not the CIO, and definitely not you. Executives are the most obvious targets for phishing attacks, but the least likely to be called out for practices and habits that could land them (and the whole organization) in hot water.

What can the IT department do about the risks posed by and to the executives? Regular backups are a great start. By backing up frequently and thoroughly, you at least have a starting point for restoring systems if a breach does occur. Contact us at Backbox to get your backup solution started today.

