Discussing the 2015 Insider Risk Report with Felix Yanko, President of ServNet
When we were putting together our 2015 Insider Risk Report, we sat down with several Intermedia partners to get their take on the surprising survey results we found and to hear what they would recommend to solve the issue of risky employee behavior. Here’s the first interview of this series with Felix Yanko, President of ServNet.
Question #1: What do you think about the fact that the survey data shows Millennials as the biggest security threat compared to Baby Boomers and Gen Xers?
“With generational groups, I look at it this way: Baby Boomers are usually the people that use the default password given to them, or paste it on the keyboard. Millennials are more likely to forward emails, share files, or try to use newer technology to make their lives more convenient. They were brought up trading information. When we talk security with our clients, I rarely see the problem people being Boomers. It’s usually Gen X or Millennials. They are the ones experimenting, ‘hacking,’ using new tech.”
Question #2: Our data showed little difference between larger and smaller companies when it comes to risky employee behavior. What’s your take on that statistic?
“I was surprised that there wasn’t a difference between company size and security activity. Larger companies have more to spend on IT and security, so you would expect them to be more locked down than smaller companies—but then again, they tend to be the target of hacks.”
Question #3: What security impact do you see with the rise of the mobile workforce?
“Jobs used to be 9-5. Now, people are on their phones, working from home, working all hours, and that sets the stage for risky behavior. Companies unwittingly encourage it. Because who’s going to tell employees they can’t work from home? But they do that without thinking of the repercussions of letting employees access information from anywhere.”
Question #4: What do you think about the survey data showing that the IT pros are bigger security risks than other types of employees?
“IT has access to all of the applications so if there are any issues, it starts at IT. Poor passwords originate there, then get shared with five other people. And IT at small companies will take shortcuts because they can’t handle all the little things. And if they are lower end, they are focused on the trees and don’t see the forest.”
Question #5: We found that tenured employees were more likely to cause harm than newer hires. Does that ring true in your experience?
“The guy that’s been there 5 or 10 years is the guy that has his password written on the back of his keyboard. Unfortunately, those more tenured workers also have more access. Tenured people also tend to collect information. They want to have a copy of everything and don’t want to have it on a shared drive. They have hundreds of folders in their email structure. They’re information hoarders. And they are more likely to take that content with them when they go. And since we all have access to a lot more information to do our jobs, there’s more information for them to gather.”
Questions #6: Given all this risky behavior, what are some things that employers can do to stop it?
“Businesses and individuals need to be aware of the basics of social engineering— especially the older generation. Tech has gotten so far ahead of those folks. They don’t know any better, and then they get taken. I think that you need ‘street smarts.’ And I’m not sure if a company can really train that. They can help, but it’s hard to really get them to be careful. So for training, you aim to educate each person to their level, look at the risks they are committing and design the training to combat those risks. You have a conversation and point out the risky behavior and why it’s a problem. You have to really explain the risks, and make sure you gear it toward their technical level. I’m not sure if you can truly train them, but you can give them secure tools to combat a lot. Put technology in to protect these folks from themselves and protect the company from their behavior.”
To learn more about the security risks posed by employee behavior and how to protect your company, we encourage you to read our 2015 Insider Risk Report and follow the conversation online at #RiskiestUsers.