Insider IT threats continue to plague enterprises. An Egress survey found that 94% of organizations experienced an insider data breach last year. Sometimes insider IT security breaches are intentional and malicious, but other times they are accidental. All it takes is one employee to make a simple mistake or to be unaware of security best practices for them to become an unintentional threat. However, intentional or not, the consequences to an organization are often similarly deleterious. This article will break down examples of insider risks that could pose a threat to organizational data and provide best practices for mitigation, with a focus on an under-the-radar honeypot for would-be insider threats: printing and scanning.
Unintentional security breaches are often the result of simple negligence, inattention or lack of education. Administrator and operator errors are easy, common mistakes to make — and printing, scanning, fax and copying processes are no exception. For example, an employee could accidentally share an email with the incorrect person, giving the recipient access to potentially sensitive data in the process. Or, if a device is not secured, an employee could click on a link sent by a bad actor, putting the entire organization at risk of malware and other types of attacks. Another negligent potential data breach includes leaving a document in a printer or scanning tray. This poses a threat because it opens the door for anyone walking by to remove the document from the device and access the information.