We’ve all read horror stories about cyber attacks on websites and social media accounts. Chances are your information has probably been compromised on social media or another place.
In our era of social media and the internet, it can take a big team to successfully manage website content, social media channels, and traditional media. With so many avenues to watch, it’s easy to let something slip past your notice. The consequences could spell trouble for your company.
Your company's website is one easy target. As the gatekeeper of your website, you likely have cybersecurity measures in place to prevent outside hackers from attacking your website. You may have caught a story here and there about websites that have gotten hacked [Read Macon County’s story of a Guy Fawkes scare].
But what if the threat came from inside your company?
3 Threats That Put Your Website At Risk
These security incidents can cost your company money, reputation damage, and even make it liable for legal action.
1. MALICIOUS EMPLOYEES: The wolves in sheep clothing. Your employees who have access to your company’s website could be an insider threat. Should the need arise to terminate their employment, and he or she becomes retaliatory, may take aim at your website to delete information, post erroneous information, or play another nefarious trick.
2. QUALITY CONTROL: Say you’re about to launch a new logo. The CEO makes it clear you can’t launch it until a specific day and a specific time. But your website content editor doesn’t understand that. Or thinks it got changed. Or got the date wrong and ends up publishing your new logo a week before the launch. Employee errors happen.
3. DATA BREACHES: It's critical that you lock down information related to data privacy, such as personal information (PII) or health information. Misuse of privileges can occur when employees don’t take precautions with sensitive data. This could expose your company to legal action.
Really? Should I Be Worried About an Insider Threat?
Even though you probably trust your employees, your company is still at risk. Insider threats are a growing problem. The Verizon 2019 Data Breach Investigations Report found that about a third of breaches in 2018 involved internal actors. Understandably, many companies don’t want to share data about insider attacks. Some studies say more than 70 percent of insider attacks are not reported.
Whether intentional or unintentional, employees within your company could use their access to website content in a way that hurts the company. It could stem from abusing or misusing their privileges to access valuable company information. Sometimes the insider seeks financial gain, sometimes it is retaliatory, and sometimes the user doesn’t know that they have misused the information.
Regardless, they all are considered insider threats.
How Can I Protect Our Website From an Insider Threat?
Whether it's a minor infraction, a disgruntled employee retaliating, or an honest (but huge) mistake like a data breach, there’s a way to begin to protect your website content:
If you have many staffers who have responsibility for managing your website, it makes sense to take some time to protect the company assets.
First, create a workflow that outlines how website content will be written, edited, approved and published. Make sure the employees understand their roles and responsibilities related to the website. Also, make sure those employees know your brand standards and best practices of website writing.
Secondly, use a robust content management system that allows various user roles.
LRS Antilles CMS, for example, allows administrators to give access to different staff members and give more authority to a few trusted individuals to push content to a publicly-viewed website.
You can restrict certain pages to certain users. For example, if only certain people can see the financial statements, you can restrict the page to be viewable to only users with certain rights.
To help prevent insider threats to your website information, make sure your content management system allows an administrator to grant specific roles and permissions to the regular employees on your website team.
Taking these kinds of precautionary steps can make sure your website’s content and structure remain protected.
The Takeaway: Proactive Protection is Key
Whether your concern is quality control, data privacy or mischievous employees, safeguard your website content by assigning user roles and permissions.
Take steps to safeguard your company’s website by creating procedures and using roles and permissions in your CMS.
Sources:
www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures
enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf