Defend Against Compromised Insiders

What is the most important thing to your company?  Is it your employees?  Is it your customers?  Or is it your intellectual property (IP)?

The thing that differentiates one company from another is a product, a service or the way you do things.  If you are Coca Cola, it’s the secret formula for Coke.  If you are Avis, it’s your service.  If you’re Google, it’s your search algorithms.  All of these are the IP that makes you unique.

Most of our IP today is either stored in a database or in a document.  Whether it’s a product design, source code or an algorithm for calculating financial risk vs. reward, you want to protect it from competitors and the general public.  Without it, you have no business.

The problem is that everything is digital and it’s easy for anyone to copy your IP and take it with them.  This is becoming more of an issue with trusted insiders.  These are your employees and contractors who have a right to access sensitive information.  According to a study by Symantec last year, people take the information they know, work with and often feel entitled to have.  75% of insiders that stole material took something they were authorized to access.

Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.  They could be the victim of a phishing or social engineering scam.  Many become compromised and don’t know it.  It could be as simple as a hacker guessing an obvious password and now your sensitive information is available to anyone.

Some employees feel that taking company confidential information is no problem.  If they created it, they must own it and can use it at their next company.  In some cases that may be fine with you, but if it’s the lifeblood of your company, you probably want to keep it confidential.

Do you have the proper tools in place to protect your sensitive data?  Here are a few steps to get you started.

  1. Classify Sensitive Information – identify sensitive information inside your organization and restrict access to it.  Ensure that anything classified or company confidential is properly marked.
  2. Persistent Security – implement a persistent security policy on your documents so you can control who can access them and what they can do.  This lets you control viewing, editing and printing of anything that is confidential and sensitive, no matter where it is.  It also lets you kill access immediately if needed.
  3. User Rights – examine user accounts to identify excessive rights and inactive accounts.  Make sure users only have access to the data they need to do their job.  Delete inactive or dormant accounts, since this could be a backdoor for accessing sensitive information.
  4. Analyze Activity – monitor data access through logs and other monitoring tools to see usage patterns.  Watch for excessive access to sensitive data, off hours access and failed login attempts or access.

These 4 steps can help protect you from a malicious or compromised insider.  Stealing company secrets is nothing new, but it is getting easier.  Encrypting your sensitive documents with a persistent security policy and watching user activity will contain the problem.
