Insider threats can be catastrophic at any level of an organization or business. An insider threat usually comes from a current or former employee, third-party contractor, or business partner. Some employees may not even know they are compromising precious information by not being vigilant about their work data. Losses can take the form of lost data, customer information, or money, for example.
The resources available at Techinc, your local Fort Collins IT company, can help you choose your best defenses against insider threats.
Insider threat detection is no simple task for any security team. An insider already has legitimate access to the organization’s information and assets, and distinguishing between a user’s normal activity and potentially anomalous activity can be a challenge. Insiders typically know where the sensitive data lives within the organization and often have elevated levels of access. As a result, a data breach caused by an insider can be significantly more costly for organizations than one caused by an external attacker.
Even if it comprises one individual, a dedicated security team is essential to security success. This team should prevent, detect, and handle incidents. They should also have documented plans and procedures for each. Providing them with security training on the latest tactics and threats is also a key factor in identifying insider threats.
Remove access and disable accounts as soon as possible when staff depart. HR and employee managers should be in direct contact with IT when employees leave or there is a plan for them to do so. Many financial companies alert their IT staff of planned terminations in advance so they can disable the former employee’s access without delay after they leave.
Disgruntled employees may be more likely to become insider threats out of a desire for revenge, a plan to steal data and sell it to competitors, or simple greed combined with a lack of respect for the organization. Not only should you monitor these employees, but you should also attempt to ease the source of their unhappiness, if possible, to improve the situation.
Two-factor authentication is often described as “something you have and something you know.” The most common example is the use of an RSA token, which displays a rotating sequence of numbers that comprises an authentication code. Users need to type a password or PIN followed by this ever-changing code to gain access to a system. So, anyone who gets either the password or the token (but not both, obviously) will be blocked at the gate.
Remember the movie ‘When a Stranger Calls’? Perhaps this wasn’t the ultimate insider threat, but keep in mind the villain had to have gotten in somehow. Don’t assume you have to only guard the interior of your network; focus your security initiatives and efforts on all external-facing devices as well.
This is more of a mindset than an action item, but it’s worth discussing. Too many execs seem to think security products are just mindless insurance they have to pay for or else something bad might happen. That’s the wrong approach and can lead to grumbling over budgets. We don’t view police officers as a drain upon a state budget, especially when we need their help.
Many of the best practices mentioned here can do more than just provide security. Good security practices can reduce scrutiny (or penalties) from auditors for certain institutions. And it’s important to keep in mind that spending a little (or a lot) on security can help prevent much larger costs down the road, such as lost revenue in the wake of a publicly humiliating data breach.
Keeping your business free from insider threats is an important IT move. You can save yourself extra work, extra money, and extra employees.
Contact Techinc today to discuss how we can help you defend your company against insider threats.