Skip to main content
search
0
All Posts By

Maria Gandola

Nov 14

Insider Threats Are Getting More Dangerous! Here’s How to Stop Them

By Cybersecurity No Comments

One of the most difficult types of attacks to detect are those performed by insiders. An “insider” would be anyone that has legitimate access to your company network and data. This would be via a login or other authorized connection.

Because insiders have authorized system access, they bypass certain security defenses. Such as those designed to keep intruders out. Since a logged-in user isn’t seen as an intruder, those security protections aren’t triggered.

There are three troubling statistics from a recent report by Ponemon Institute They illustrate the importance of addressing this threat. Insider attacks are getting worse, taking longer to detect and becoming more extensive. The report found that over the last two years:

  • Insider attacks have increased by 44%
  • It takes organizations 85 days to contain an insider threat, compared to 77 days in 2020.
  • The average cost of addressing insider threats has risen by 34%

It’s important for companies to understand what makes up an insider threat. That’s the first step towards mitigation.

4 Types of Insider Threats

One reason that insider threats can be hard to detect is that there is not just one kind. Employees, vendors, and hackers can all perpetrate insider security breaches. To further complicate detection, some may be malicious and others accidental.

Here are the four main types of insider threats faced by company networks.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Malicious/Disgruntled Employee

A sales employee that is leaving the company may decide to take all their contacts with them. This is a malicious theft of company data.

Another example of this type of insider attack is a disgruntled employee. They may be upset with their manager who just fired them and decide to do the business harm. They could plant ransomware or make a deal with a hacker to give over their login credentials for cash.

Careless/Negligent Employee

Some insider threats are due to lazy or untrained employees. They don’t mean to cause a data breach. But may accidentally share classified data on a nonsecure platform. Or they may use a friend’s computer to access their business apps. Being completely unaware of the security consequences.

3rd Party with Access to Your Systems

Outsiders with access to your network are also a very real concern. Contractors, freelancers, and vendors can all constitute an insider breach risk.

You need to ensure that these third parties are fully reviewed. Do this before you give them system access. You should also allow your IT partner to review them for any data security concerns.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Hacker That Compromises a Password

Compromised login credentials are one of the most dangerous types of insider threats.

This has now become the #1 driver of data breaches around the world.

When a cybercriminal can access an employee’s login, that criminal becomes an “insider.” Your computer system reads them as legitimate user.

Ways to Mitigate Insider Threats

Insider threats can be difficult to detect after the fact. But if you put mitigation measures in place you can stop them in their tracks. Being proactive keeps you from suffering a costly incident. One that you may not know about for months.

Here are some of the best tactics for reducing insider threat risk.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Thorough Background Checks

When hiring new employees make sure you do a thorough background check. Malicious insiders will typically have red flags in their work history. You want to do the same with any vendors or contractors that will have access to your systems.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Endpoint Device Solutions

Mobile devices now make up about 60% of the endpoints in a company. But many businesses aren’t using a solution to manage device access to resources.

Put an endpoint management solution in place to monitor device access. You can also use this to safelist devices and block unauthorized devices by default

Multi-factor Authentication & Password Security

One of the best ways to fight credential theft is through multi-factor authentication. Hackers have a hard time getting past the 2nd factor. They rarely have access to a person’s mobile device or FIDO security key.

Insider Threats Are Getting More Dangerous! Here's How to Stop Them
[Unsplash]

Couple this with password security. This includes things like:

  • Requiring strong passwords in your cloud apps
  • Using a business password manager
  • Requiring unique passwords for all logins

Employee Data Security Training

Training can help you mitigate the risk of a breach through carelessness. Train employees on proper data handling and security policies governing sensitive information.

Network Monitoring

Once someone has user access to your system, how can you catch them doing something wrong? You do this through intelligent network monitoring.

Use AI-enabled threat monitoring. This allows you to detect strange behaviors as soon as they happen. For example, someone downloading a large number of files. Or someone logging in from outside the country.

Need Help Putting a Stop to Insider Attacks?

A layered security solution can help you mitigate all four types of insider threats. We can help you with a robust yet affordable solution. Contact us today for a free consultation.

Nov 09

Everything You Need to Know About Microsoft Viva Sales

By Microsoft No Comments

Data entry is a real drag for salespeople. The time they spend on administrative tasks is time away from customer interactions. But data matters — it’s important to capture orders, quotes, needs, and more from your customers.

Lead and sales reporting help sales managers know where to direct their attention. Analytics also help drive more efficient ways of closing the deal.

Microsoft is taking up the mantle of this challenge by launching a new digital experience for sales teams. Microsoft Viva Sales application is part of Microsoft’s “Viva” line which includes things like Viva Insights for improved staff wellbeing, as well as Viva Learning for staff development.

The Viva apps are designed to make your life easier, by eliminating the most tedious tasks. They integrate natively with MS Teams and Microsoft 365 so you can automate processes that would otherwise take up too much of your time.

Viva Sales is a CRM (customer relationship management) app that can help sales teams stay organized and efficient. We’ll go through some FAQs about the program, its features as well as when you can get it.

What Is Microsoft Viva Sales?

Viva Sales is an application that will provide sales and lead insights. These data points are populated throughout Office 365, and Microsoft Teams— the focus of this app lies in cutting unnecessary manual entry for sellers so they can spend more time selling their product or service instead.

How Does Viva Sales Work? Is It a CRM?

Though it might seem like a replacement for your CRM, Viva Sales is NOT going to replace your normal CRM platform. Viva Sales is actually an app that connects to other sales-related apps and leverages data from those connections. This means you can spend less time sorting through paperwork by making use of all the information in one place!

Salespeople spend approximately 34% of their time on administrative tasks.

Viva Sales Basics

Some of the core advantages of Viva Sales are:

  • Eliminate forms: Data entry for sales professionals is greatly reduced, which frees them up to do more customer relationship building.
  •  Data Leveraging: Viva Sales is a powerful tool that integrates with multiple platforms. This integration allows salespeople to cross-reference data points and gain valuable insights, all within one platform!
  • AI-Driven Help: Salespeople will get AI-driven prompts. These recommendations and reminders assist them in the sales process along with the lead.

Interconnected Interface

All of the M365 applications include sales-specific data from Microsoft Viva Sales. Salespeople have access to necessary customer information wherever they are. Including, when using a Microsoft or non-Microsoft CRM or Outlook Calendar.

Image courtesy of Microsoft

Viva Sales Features

Tag to Capture Sales Interactions

Using someone’s “@name” to get their attention is referred to as tagging. Many cloud-based apps use this common software integration.  It’s also used within Microsoft 365.

Salespeople can use this tagging feature. They can use it to gather data for a prospect or customer from another M365 application. This involves adding a person by applying a tag for their Viva Sales name to a list of clients. The system will record the lead’s or customer’s contextual information.

Collaborate

With Viva Sales, working with your team on a sales prospect or customer is now simpler than ever. To copy and paste information into a message, you don’t need to look it up. Utilize the tagging feature to quickly populate lead information from Viva Sales.

Image courtesy of Microsoft

Also, opening or editing a lead or customer record is simple. There’s no need to find and launch another app. The process uses the fewest clicks possible to get you where you need to go.

Call Summaries & Integrated Data

Lack of understanding is one thing that both customers and salespeople hate. Suppose a salesman is unaware of a recent customer interaction.

This may occur when business communications systems isolate data from various sources. For instance, having a customer’s website chat session in one location and the messages from their phone call in another.

All of this client engagement data is compiled into a single view by Viva Sales. The salesperson can view call summary and record call action items.

Download & Customize

Salespeople that prefer an Excel view of their contact list is available in Viva Sales. You can also download lead and customer lists and customize the application per the organization’s needs.

When Will Viva Sales Be Available?

There is no specific debut date yet, but you can be sure that we will keep an eye on this as Microsoft has stated that Viva Sales would “come in Q4 2022.”

In the meantime, you can watch a video explaining the application on Microsoft’s site here.

Take Advantage of Microsoft Viva Automation

Microsoft created the Viva family of productivity-focused digital experience apps. These apps facilitate information discovery, foster a sense of community, and boost productivity for workers.

Microsoft created the Viva family of productivity-focused digital experience apps. These apps facilitate information discovery, foster a sense of community, and boost productivity for workers.

The ideal moment to explore those that have already launched and prepare for Viva Sales is right now.
For a free consultation on how to enhance your team’s digital experience, contact us right away.

Nov 04

Checklist For Better Digital Offboarding Of Employees

By Cybersecurity No Comments

The departure of an employee leaves behind a trail that can be used by hackers to steal company data. In order for businesses to protect themselves, Digital Offboarding must happen before they leave the workplace so as not give up any advantages over potential competitors or informers within your organization who may have had access while working there.

When an employee leaves a company, there is a process that needs to happen. This is the process of “decoupling” the employee from the company’s technology assets. This digital offboarding is vital to cybersecurity.

Checklist For Better Digital Offboarding Of Employees
[Pixabay]

It is crucial to secure your company’s data. 20% of surveyed businesses have experienced a breach from former employees and it can have serious consequences for you as well!

The digital offboarding process is a critical step in reducing risk for former staff members. This checklist will help you cover all your bases and protect company data from potential hackers.

Your Digital Offboarding Checklist

Knowledge Transfer

Vast corporate knowledge can disappear when a person leaves an organization. It’s important to capture this during a digital offboarding process. 

Checklist For Better Digital Offboarding Of Employees

[Pixabay]

This could be something as simple as what social media app someone used for company posts. Or it may be productivity leveraging. Such as the best way to enter the sales data into the CRM.

You must make sure to do a knowledge download with an employee during the exit interview. Better yet, have all staff regularly document procedures and workflows. This makes the knowledge available if the employee is ever not there to perform those tasks. 

Address Social Media Connections to the Company

It may be time to address any social media connections of the former employee. Was their personal Facebook account used in connection with your company’s page? Do they post on LinkedIn too, or other sites where you have an official presence as a business figure?

Identify All Apps & Logins the Person Has Been Using for Work

In today’s world of Bring Your Own Device (BYOD), there are many ways employees can use their own devices for work purposes. As you might expect, this opens up new security risks that must be mitigated before they become problems.

If you don’t already have a list of all the apps and website logins that an employee uses for work, make sure your HR or IT department document these. You may also want to explore ways in which these can be addressed – either by changing their login credentials on certain applications if it’s necessary (or) exporting data from them before closing them down completely so no more information gets lost than necessary.

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Change Email Password

When an employee leaves, their account should be closed and the password changed. This will prevent them from accessing company information or emailing as a former representative of your business —which could cause major problems if they have access to customer data.

Change Employee Passwords for Cloud Business Apps

The best way to protect your company data is by changing all other app passwords. People often access business apps on personal devices, so just because they can’t log in anymore doesn’t mean you should let them remain active with old accounts.

In order to simplify the process of changing passwords, you can use a single sign-on solution. This will lock them out regardless if they’re using an app or browser on their phone – just one click and it’s all done!

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Recover Any Company Devices

Make sure you recover any company-owned devices from the employee’s home. Remote employees are often issued equipment to use, so it is important for a manager or IT team member assigned as their “contact person” in order manage these items properly when they leave your company.

Do this as soon as possible to avoid loss of the equipment. Once people no longer work for a company, they may sell, give away, or trash devices.

Recover Data on Employee Personal Devices

When companies offer Bring Your Own Device (BYOD) policies, they save money by cutting down on expensive hardware costs. The downside is that it can be more difficult to offboard these devices.

Companies need to make sure that all company data is backed up on any device they use. If you don’t already have a backup policy in place, now would be an excellent time create one!

Transfer Data Ownership & Close Employee Accounts

Closing old employee cloud accounts is a great way to save money and keep your company safe. Imagine if you had left that unused account open for six months before realizing something was wrong? The criminal could’ve hacked into their data as soon as they gained access, stealing all sorts of information about clients or even committing crimes with it.

Checklist For Better Digital Offboarding Of Employees

[Unsplash]

Revoke Access by Employee’s Devices to Your Apps and Network

By using an endpoint device management system, you can easily revoke any employee’s devices from a list of approved devices. Remove the former employee’s device from any approved device list in your system.

Change Any Building Digital Passcodes

Be sure to change any physical access codes for the building, such as digital gate or door passcodes so the person can no longer gain access.

Need Help Reducing Offboarding Security Risk?

The process of addressing digital offboarding becomes easier and less risky when you take proactive measures. Contact us today for a free consultation to enhance your cybersecurity.

Close Menu