When it comes to your company’s cyber security, you probably think that your biggest threat comes from hackers. You might imagine someone in a darkened room on the other side of the world working to penetrate your company’s important data and financial records.
What if a hacker isn’t your worst nightmare? What if the cyber breach you’ve been worried about happens right in your own back yard, through your own network, at the hands of one of your employees?
The threat you might not have been looking for is the Cyberslacker. An employee using a smart phone, tablet or even a company-issued laptop or computer could be your biggest threat.
What is a Cyberslacking?
Cyberslacking (also known as “goldbricking” or “cyberloading”) is defined as an employee that uses company resources such as the internet for personal reasons during business hours. This is not a new term. Newsweek first mentioned it a 1999 article citing lost productivity.
A study by the American Management Association estimated that only about half of all workplace internet usage was business related, resulting in billions of dollars in lost time and revenue. Over the years that number has ballooned, reaching an estimated $650 billion through 2012.
While lost revenue due to productivity is a huge concern, it isn’t the only concern you may be facing. Data breaches due to cyberslacking can cause even more damage than previously thought.
Some Breaches Are Unintentional
Employees using company internet connections for personal use can sometimes inadvertently expose your business network to risk. Downloading pictures or documents, even watching videos or listening to music through your network from personal email or websites can result in Trojan horses, worms and viruses.
These downloaded files can create holes in your network security, allowing for hackers to intrude into your private business data. They can take your data hostage, freeze your network, or delete sensitive information vital to day to day operations.
Most business networks, once breached, cannot stop the spread of the virus through the network. If the virus or worm reaches the main server it can be transmitted to other computers on the network through regular business use.
Some Breaches Are Intentional
While not as prevalent as unintentional cyber security breaches, the intentional breach could be even more damaging. Intentional breaches can happen in one of two ways: current employees or disgruntled former employees.
A 2009 American Management Association study found that employees admitted to emailing company data to third parties, sent client credit card information and social security numbers to third parties and transmitted private health information. In fact, a recent SailPoint survey found that 1 in 7 employees would be willing to sell passwords for as little as $150.
Disgruntled former employees can also be an issue. Failing to disable access to company networks and vendor websites allows unauthorized access that could be damaging. In 2013 a former social media editor for Reuters was indicted for conspiring with a hacking group to access his former employer’s website and alter information.
There Are Ways To Protect Your Business from Cyberslackers
South Carolina recently implemented a total social media ban for state government employees, which may seem like a great idea in light of employee cyber security breaches. However, some evidence suggests that social media and internet breaks can make employees more productive. A happy medium between a total ban and 100% personal internet usage at work can be found in one or more of the following ways:
- Talk to your employees about cyber security.
- Create and implement an internet usage policy
- During business hours
- After hours on company property
- After hours at home while logged in to the company network
- Create and implement a social media usage policy.
- Change your passwords regularly
- Use tools like LastPass to stay organized
- Maintain a current (and secure) list of who has access to which password
- Plan regular audits of your cyber liability
- The digital world is moving fast; this isn’t a “once and done” exercise
Even with the best laid plans, security breaches can still occur. Check with your insurance broker to determine whether your cyber liability is covered under your current business insurance policies, and to get advice on how to best manage your risks.