As mobile devices and personal gadgets become more common in the workplace, insider threat is on the rise as well. According to a 2016 Security Report by Checkpoint Software Technologies, as much as one in five employees will be the cause of a company network breach that came through either malware or unsecured malicious Wi-Fi access over an unsecured network.
However, mobile devices are now considered to be an important part of conducting business operations. We live in an increasingly Internet-dependent world where the Internet of Things (IoT) is becoming the new normal.
Banning mobile devices from work will not only have a negative impact on productivity and employee morale but will put you at a competitive disadvantage, too. Enterprise owners and those who use IT services for day to day operations thrive on having the latest update and real-time information to function optimally, along with data which can best be accessed while on the go via smartphone or tablets.
Challenges of Detecting Insider Threats
One of the major challenges that make it difficult to spot insider threats is the widespread practice of bring-you-own-device (BYOD) at the workplace. It makes it that much harder to detect the sources of attack and increases entry points and vectors for criminals to infiltrate your network.
Furthermore, it has become difficult to address even when the best preventive measures are in place. A recent interview with a US Government Cybersecurity consultant confirms this. Bill Evanina, Chief Counterintelligence and Security Adviser to the US National Intelligence Director, revealed that “no matter how good security controls are, they will never catch every insider or hacker — and they must be continually improved because of technological advances.”
There are two types of insider threats namely malicious and accidental. The former type is typically disgruntled current or former employees who feel justified in gaining revenge through a cyberattack.
Accidental insider threats, on the other hand, occur when an honest employee is manipulated or tricked into allowing someone to gain entry into the company’s IT network and cause harm to the organization.
Insider threats can derail normal backroom operations and result in huge financial losses. Information and identity theft, fraud, and introduction of malicious codes can lead to costly downtime.
The impact that an accidental insider has on businesses is no less alarming. Although there is no clear intention of wrongdoing, the negative effects can be just as devastating, sometimes even more so because these are unexpected incidents.
There should be equal effort placed on preventing accidents and reducing human error with eliminating insider threats and mitigating their impact.
10 Ways to Prevent Insider Threats
1. Identify the most important piece of data, and prioritize its security
Think of this as your company’s trade secret, the one important piece of information that serves as your main competitive advantage and differentiator. Once you know what it is, install encryption, restricted access, and monitor it 24/7 for added protection.
2. Don’t repeat past oversights
Take note of any weak points or vulnerabilities that allowed the attack to happen, and be proactive about installing stop-gap measures to prevent the same type of infringement from occurring again.
For example, if you identified an accidental insider threat is coming from an external link clicked by an unknowing employee, double up on your efforts to raise awareness throughout the company.
3. Limit business partner’s access to confidential data
Business partners are often granted the same amount of access to privileged data as employees. While this arrangement makes it easier to conduct business affairs, take note that they are not as accountable as employees when they decide to cut off ties and go to a new business partner.
Limit their level of access and have them sign a confidentiality agreement that clearly states what the consequences are if they violate it to underscore its importance.
4. Don’t ignore suspicious behavior
Watch out for suspicious employee behavior such as using privileged access for non-work related tasks or after office hours without any explanation. Experts say that concerning behaviors are one of the top signs to watch out for when insider theft issues are concerned. Coordinate with your HR department so you can spot potential risks and threats.
5. Institute security policies to prevent outside recruiters from getting data from employees
There are numerous instances wherein employees accused of fraud do so by providing sensitive information to outside recruiters. Whether intentional or not, the fact remains that the information is traceable to an employee who responds to recruiters.
Implement a policy that makes sure all data access is audited, and that it’s possible to trace the source to specific employees when the time comes.
6. Take note of the 30-day period before or after an employee leaves the company
In most cases, insider crime is committed within a 30-day time frame. Experts say that the days leading to or after a resignation or termination are the prime periods for malicious insiders to attack.
Implement security measures that will prevent any untoward incidents from occurring by putting them on the HR’s radar. Further, monitor how information is turned over from one employee to another.
7. Optimize your current technology before buying new ones
Chances are, the technology you’re using now might be sufficient to counter any insider threats your company is vulnerable to. Hire an expert or have someone in your IT team to investigate how you could leverage on what you currently have on hand to prevent insider threats. Your current tools could be adequate to spot signs of data exfiltration.
8. Be legally compliant when it comes to privacy concerns
There’s always a push-pull issue that happens around privacy vs. security concerns, so work with your company lawyer to iron out any kinks surrounding the legalities of any insider threat prevention programs you plan to implement.
9. Involve all departments when implementing an insider threat prevention program
The IT security team is not the only one responsible for insider threat prevention, especially administrative staff who are in close contact with your employees. Naturally, all candidates are vetted during the hiring process but people change over time. They can either become complacent about standard security protocols or opportunistic because of ill-intentioned personal reasons.
Everyone should be involved, including HR and team leads. Insider threats can go undetected for months because they already know how to navigate your network.
10. Get the commitment of the C-Suite
Even if you have the best insider prevention program in place, it’s bound to fail if you don’t have the explicit support from the C-suite. Aside from having the right tools and policies in your arsenal, make sure that managers are on board and committed to insider crime prevention.
Insider threats are increasingly becoming more common as technology becomes more accessible to employees. You can’t fully predict who will turn into an insider threat. More importantly, you can’t completely control people without infringing on privacy and restricting collaboration.
All businesses can really do is hope that they have the right processes and systems in place to spot, prevent and mitigate insider threats. That and treat your employees well so that they won’t turn against you.