Businesses today thrive on connectivity. However, easily/remotely accessible networks come with numerous well-documented security risks, particularly from malicious cyber attacks. With one data security breach an organisation can suffer significant damage to both finances and reputation. As such, most quite rightly put numerous security layers in place to protect their network perimeter from external threats. The insider threat, however, is more difficult to defend against.
In their recent survey the SANS Institute highlighted that security professionals identify the insider threat as a key concern. However, out of the 770 businesses that took part in the study 32% had no security measures in place against it. Furthermore, almost half of the organisations had trouble estimating the damage that could be caused, while 44% were unable to recall their spending when it comes to guarding against it.
One of the major difficulties that businesses face in protecting themselves against an insider threat is spotting it to begin with. Often the insider will have legitimate access to the IT system, meaning that no red flags are raised when the user attempts to enter it. This is why companies must tailor the level of access given to each individual employee, giving access to the files they need whilst keeping sensitive data secure. This will enable the business to innovate, strive and thrive whilst keeping an eye on the data it needs to.
In this data-conscious age, the IT department does not shoulder the burden alone. Whilst they provide the means, it is the responsibility of every business leader from the CEO to the HR and legal department to work together so employees understand the importance of data protection. Trust is essential to this, as employees must feel that they can offer advice to management and speak freely. This will not only place workers in a productive and collaborative atmosphere, but might even prevent an employee from acting against the company in the first place.
These five preventative measures will help protect your company from the insider threat:
- Know your employees
Whilst it is extremely difficult to detect the unsolicited use of data that has been accessed by an employee, evidence that there is an insider threat can be found elsewhere. Any changes in behavior should be considered as a red flag. These can include employees pulling up data at unusual times, complaining more about their job, working outside of the team and generally working in a disinterested manner. It is likely that these employees’ coworkers will notice something is different, which is why having an open and communicative company structure is of paramount importance.
- Adopt a transparent approach
Employees must be aware that the organisation reserves the right to monitor all activity on corporate networks and company equipment. Implementing a careful Acceptable Use Policy that clearly outlines what is acceptable is essential. With an agreement in place for both the employer and employee, there can be no mistaking what the rules are, nurturing an atmosphere of accountability in the workplace.
- Repetition, repetition, repetition
A business should offer and encourage regular training on the company’s Acceptable Use Policy, ensuring it isn’t just something covered in an employee contract. Regular reminders show that a business takes data protection seriously and will act as a deterrent against insider threats.
- Mind how they go
A fraction of any company’s employees will inevitably fly the nest. Some will part on good terms whilst others may be frustrated, quit or find themselves dismissed by the company. Disgruntled leavers make up a large part of all insider threats. Even if an employee leaves amicably, the temptation to take information with them could still be too much. Whenever any employee leaves this should automatically trigger a set of security protocols. These comprehensive steps should cover everything from reminding the employee of their legal obligation to keep data confidential to removing their access to the system.
- Correct Access Control
Perhaps the most important advice that can be given is for companies to make sure that every employee has access to the appropriate level of information. This has to be kept up to date frequently, with frequent revisits on who can access sensitive data. The more sensitive the information the more levels of security there should be, with the most important data protected by passwords, multi-factor authentication and encryption. Access should only be given when necessary, operating on a ‘least privilege’ basis with increases with temporary increases to access if it is required.
For a business to protect itself from an insider attack, they must find the balance between satisfied and productive workers, between employing responsible agents and maintaining control of the company. Technology can set the parameters for control, but lowering the risk of insider threats has a much wider scope. Employees need to understand the importance of their company’s data, and know how to flag it if a colleague is misusing that information.[su_box title=”Salo Fajer, CTO, Digital Guardian” style=”noise” box_color=”#336588″]
Salo drives Digital Guardian’s strategic vision and core innovation efforts while also overseeing product management, product marketing, and product content development. He has over 25 years of experience in the industry, having held diverse technical leadership roles in product management, operations, consulting, and sales engineering. Prior to his current role, Salo was CTO at NitroSecurity, a developer of security information and event management (SIEM) tools. There, he led product management until the company was acquired by Intel McAfee in 2011. At Intel McAfee, he was responsible for risk, compliance, and analytics products, including SIEM, vulnerability management, and big data analytics.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.