Non-malicious insiders in business cybersecurity

10 staff members looking at one laptop

If your business doesn’t have a tech focus, it’s easy enough to fall into the trap of doing your cybersecurity on the cheap.

As long as it’s working, you think, there’s no need to worry about it. Or pay good money to someone you don’t know to make sure your computer system is secure.

But affordable cybersecurity is not the same thing as getting a “friend who knows about this sort of thing” to take care of it.

There are four classic archetypes of non-malicious insider who, under the guise of “helping you out”, are unintentionally doing your business a great deal of harm:

The 4 non-friends of affordable cybersecurity

1) Your generous friend or neighbour

This could be your friend, your neighbour or even a member of your team. “I can set up Office365 for you,” they say. “It’s not difficult.” Or, worse, “No, it’s fine. You don’t need all that stuff.”

Their confidence and seen-it-all-before attitude are reassuring. Plus, they reinforce your desire not to spend any money at all on your cybersecurity.

It’s all fine and dandy until your accounts get breached a few months down the line and putting things right ends up costing you ten times as much as taking some simple cybersecurity measures in the first place.

2) The well-meaning junior employee

The youngest member of any non-tech team is often the one who gets roped into taking care of any IT matters. Maybe one of your junior team members has built their own gaming computer. Now they get saddled with any kind of IT query which comes along.

Why is this happening? How do you fix this problem? How do you set this up?

They’re not entirely sure. But they’re too young and too unsure of themselves to tell you they don’t have a clue. In fairness, the fact that they have no knowledge of best practice and are only using tools which are designed for home use isn’t helping them.

3) The former team member who left long ago

Sometimes it’s a former member of your team who left you with a file backup to a hard drive (which might not have worked properly even when they set it up).

Occasionally it’s an IT contractor who left your system with RDP enabled (Remote Desktop Protocol – the feature that lets someone take control of your computer to fix a problem over the internet), meaning anyone with a little knowledge can get instant access.

In any case, it’s someone whose tech wizardry know-how was fairly current five or so years ago. But who hasn’t been back to check on or update your system since.

Everything’s been working fine though, so why worry? Unfortunately, the next thing that usually happens is a ransomware attack via RDP. Or something simple that goes wrong with your hardware. Only then do you find that backup isn’t working so well after all.

4) The veteran manager

It’s by no means an age thing. But there are almost certainly some people on your team who think that “IT” essentially amounts to Microsoft Outlook, a cheap £299 (in the sale) Intel Celeron laptop from PC World, McAfee Antivirus (free edition) and Microsoft 365 (Home version).

This mindset is going to be leaving you open to some pretty basic actually malicious attacks. You may also find it’s going to be the key reason your staff end up being far less productive than they would otherwise be, moan about the IT systems all the time and end up leaving for another company where they do the basics right.

Non-malicious insiders

It’s not that any of these people among your nearest and dearest wish you any harm. They’re usually trying to help you!

But when it comes to the basics of cybersecurity, even the most affordable professional option is going to leave you in better stead than a non-malicious insider.

Wondering why it can’t just all be simple?

Let’s talk. At Dial A Geek we already help nearly 1000 business owners in Bristol and the UK with their cybersecurity.

Have an obligation-free chat with our director and cybersecurity expert Gildas Jones who will show you how easy it could be to get your IT working for you for a change. Click here to schedule.