The headlines today still focus on hackers and other malicious outsiders trying to steal your sensitive data or disrupting your business, but the reality is that insider threats are the biggest challenge to enterprise security.
People with knowledge of your network and systems have a decided advantage when it comes to deliberately or accidentally sharing information with unauthorized users. Whether it’s a dissatisfied employee looking to make a buck, a retiring worker copying files to take home or a busy executive sending a file to the wrong person, preventing data breaches from privileged insiders can be challenging.
Insiders understand how your business operates and have access codes, user credentials, and the ability to exploit or bypass security controls; especially if they are in senior positions. Most of the time actions are not intended to do harm, but to quickly get things done. A good example is the retiring FDIC employee who inadvertently copied sensitive data from 44,000 customers onto a USB drive to take home. Not malicious, but a data breach none the less.
According to the recent study “Risky Business: How Company Insiders Put High Value Information at Risk” by the Ponemon Institute, C-level executives and Sales departments are the most likely candidates to inadvertently share sensitive information. While there may be malicious intent for some, according to the Ponemon study, carelessness is the main cause of putting high value information at risk. These people have access to sensitive company and customer information and with busy schedules come mistakes.
Two statistics from the Ponemon study are telling. 56 percent of those surveyed say company insiders are the primary cause of data breaches and 72 percent say they are not confident they can manage and control employee access to confidential files.
While carelessness is a major cause of data breaches, the lack of good security practices clearly contributes to problems by insiders. If you can’t determine what is sensitive, you should treat all documents and correspondence as confidential and manage exceptions to the rule.
A good approach is to encrypt all files when you create them and assign permission controls to them, so that no one outside of your organization can access them. This immediately stops the accidental or malicious act. If a company outsider can’t access the information, having possession of the file is useless. Then manage the exceptions where you need to share sensitive information legitimately with outside people. Couple this with data handling education and overall security awareness training to create a culture that sees security as a business benefit.
As insider threats concern the motives and mistakes of real people, it’s impossible to ignore the human side of things. An effective strategy requires the endorsement and active participation of the board of directors and senior management. And most importantly, the rules must apply to them, so there is no sense of privilege being able to skirt the rues.
Here are a few ideas to help to detect and stop insider threats.
- Discover and encrypt sensitive information
- Prohibit unauthorized sharing of sensitive data outside the company
- Monitor access to sensitive information to determine proper work patterns
- Adjust security policies over time to ensure employees can do their jobs without going around security
- Implement the fewest privileges and access rights so employees can do their jobs effectively
- Ensure access rights are terminated as soon as an employee leaves the company
- Monitor contractors’ access to sensitive information and terminate it as soon as it’s no longer needed
Many companies have a handle on protecting high value information from outsiders, but protecting it from insider threats is no different. Giving insider threats the same level of importance protects your business and ensures success and profitability.