With all the recent news chatter about Russian and Chinese infiltration into our networks, most individuals are left to believe that some deep dark web foreign criminal is on standby to corrupt our companies, steal our trade secrets or rig our elections.

But would it surprise you to learn that, according to the IBM Cyber Security Intelligence Index, 95% of cyber security breaches are due to accidental human error? That’s right: your employee got into a sensitive file and shared it with the wrong person. Or inadvertently opened a malware PDF that took down the whole system. Or did a “Sean Spicer” by tweeting their passcode for the world to see when they thought they were sending a direct message to one person.

Regardless of whether it was unintentional or purposeful, the cost to any business is huge. This year alone the corporate world will spend $388 billion dealing with and recovering from cyber breaches that were caused by current or former employees.

A recent survey of 4,500 CIOs by Harvey Nash/KPMG confirms what we are all learning:

  • 60% believe employees are not knowledgeable about the company’s security risks,
  • 55% said a security breach was due to a malicious or negligent employee, and
  • 32% of those surveyed had been a victim of a cyberattack in 2016.

While all of this sounds grim, and you may want to put your hands in the air and say, “What’s the use?”, there is some good news for all businesses from the entrepreneur to the enterprise. And I am here to share it with you!

This blog post will detail the steps needed to minimize your company’s risk for a cyberattack.


4 Safe Steps Toward Cyber Security


  1. Hire an outside firm to complete a security risk assessment.
    This assessment will identify, in detail, the potential vulnerabilities to the company. In addition, this evaluation will encompass three major areas:

    1. The data that must be protected,
    2. Where this data resides, and
    3. Who has access to it.
  2. Once this evaluation is completed, the next step is to start restricting access to the data: the principle of least privilege.
    Every employee should be interviewed to understand exactly what they need to access to do their job. All other access should be denied in order to prevent malicious or accidental loss of files and data.
  3. Train employees on security protocols and how to handle sensitive data.
    Employees need to understand how vital it is they follow procedures and the consequences of not following them. Train and then test your employees on their knowledge level. Continue to test them throughout the course of their employment to reinforce your protocols.
  4. Hire an outside agency to vet IT personnel.
    You may or may not have the technical wherewithal to identify whether a potential employee can help or hurt your company in the cyber arena. Hiring an outside firm to ask all the right questions can give you and your team the peace of mind you need.


About ShellProof Security

At ShellProof Security, we focus on the needs of small to mid-sized businesses. The reality is one data breach can put your company out of business.

We work with you to complete all the items listed above, from a detailed risk analysis to vetting potential employees. Contact us today for more information!