As if it wasn’t enough to have to defend against industrial spies, nation states, and script kiddies residing outside your network, one of the biggest threats to our information assets resides within our own environments. The insider threat, intentional or otherwise, is now one of the major concerns in cybersecurity, and with good cause. Within many organizations these days, users have more access to data than they need. Cloud storage services have created a phenomenon called Shadow IT, permitting users to save potentially confidential data to the cloud for future access. And with the (understandable) requirement of user-friendliness throughout IT assets, security controls are often disabled rather than tuned. While the insider threat can be a pain in the backside, there are ways to protect yourself and keep your users happy simultaneously.
In order to properly defend yourself, you need to understand what you’re up against. The insider threat comes in many forms, but you can narrow them down into either malicious/intentional threats, or threats that stem from carelessness or lack of knowledge and skill within your workforce. You may have a user who thinks it’s okay to throw the classified document that they were editing up onto their favourite cloud storage platform so that they can access it later. One of your users may provide their credentials to a malicious third party after being subject to a social engineering attack. You may have a malicious insider who is looking to steal or destroy data because they are disgruntled or in the employ of a competing organization. In the world of startups and small businesses, security controls can sometimes be sacrificed for the sake of speed of delivery or user satisfaction, or through lack of knowledge. Now that you better understand the threat, we can help you get a handle on the situation.
For an overview of the different insiders your organisation could face, check out our Insider Profiles.
Good documentation makes a good cybersecurity practice, and policies are a staple in said documentation. Policies back up your decisions, provide guidance for your cybersecurity controls, and give you a base for user education. Acceptable use, privacy, and mobile computing are three base policies that should exist in most organizations. The policies exist to provide the following:
Once you have a base set of policies in place, your next step is to educate your users about their existence and what that means for them.
A user’s misunderstanding of technology or trusting nature can lead to potentially unwanted situations. Data loss, malware infection, and unauthorized access are just three of the potential threats you face when your users carry on with their business without proper security awareness education.
Facilitating user awareness training is pretty straightforward in theory, although not always easy to execute. Initially, you will need to provide live training: in person if you have a small team in a central location, or online via webinar if your team is larger and decentralized. Some of the topics you will want to cover will be:
Since your users are generally prime targets for attackers, skilled and not so skilled, providing proper education for them can help shore up your defenses and help you mitigate the insider threat. Keep in mind that your users may forget, so you need to ensure that you keep refreshing your users’ memories! Quarterly or semi-annual training wouldn’t go amiss.
Along with enforceable policies and educated users, you still need to maintain technical cybersecurity controls within your environment. Users forget elements of training, malicious users ignore policy, and accidents happen. Here are a few examples of controls you can use to help ensure that your users are adhering to policy and best practices:
Providing basic cybersecurity controls can go a long way toward mitigating insider threats in your organization. You will, however, need to ensure that you’re maintaining your controls, monitoring and logging their output, and using your policies to derive standards by which they should be configured.
While the insider threat can be a plague to modern organizations, whether large or small, it is not an insurmountable obstacle. By creating policies (not too stringent) that add parameters within which your organization can run securely, providing regular training to your users to help keep them sharp, and adding some technological controls on top to provide backup when your users slip up, you can go a long way toward mitigation.