“Can I trust my employees?” is a question that, as a business leader, probably makes you feel uneasy. Yet over the past few years the issue of cybersecurity incidents caused by employees, or those inside an organization, has been highlighted in the media repeatedly. The loss of intellectual property, patient or client data, or other business critical data has a huge economic and reputational impact. With only 11% of businesses reporting that they feel they’re safe, the issue of the insider threat is one that needs to be addressed as a key cyber-security issue.
On the surface, it seems like business leaders may need to start mistrusting all employees at all levels within their organization. If this assumption is the basis for implementing an insider threat program, then it’s likely that the uncomfortable topic will go unaddressed and businesses will remain at risk. So how does a business stop employee data breaches without suspicion or stigma? In our experience, it’s not necessary to blame or point the finger of suspicion. Instead, the issue should be thought of more as an exercise in employee education, security best practice, and the creation of a security-aware culture.
The majority of data breaches or losses are caused by accidents. An accidental data breach can be caused by an ordinary user not following policies or training, for example by copying data to a thumb drive without encryption. It can also be caused by a privileged user misconfiguring a server or other resource so that data is exposed to leakage or becomes visible to people who have no permission to view it. And then there’s shadow IT. The rise of Dropbox and other services that provide ‘shadow’ operational capabilities is the bane of many an IT director, who has to play a constant game of whack-a-mole to identify and stop users from using these services.
By viewing this problem from the perspective of who or what may pose an insider threat, it’s possible to implement the necessary policies, processes and technologies in order to help properly train staff, implement the proper controls and auditing systems that will identify both the accidental and malicious insider.
A number of options are available to businesses, and they typically involve a blend of policies, processes and technologies. As with all cybersecurity programmes, they must start at the board level, as each department needs board sponsorship to help implement the blend of policies, processes and technologies required.
For example, policies and training are important to help stop the accidental insider breach. The use of data controls is important to ensure that people are stopped from accessing information they shouldn’t have access to, but these need to be supported by the proper use of auditing technologies to confirm that both policies and controls are working as expected.
Read our latest case study to discover how we supported an organization to shed light on unknown unknowns and cast enhanced visibility on activity around their sensitive data.
Boards must also understand that security is not just a problem for IT to solve. For example, proper leaver processes need to be implemented, and departures need to be communicated to IT.
By putting all of these pieces of the jigsaw in place you will be able to detect and correct accidental behavior before it leads to a significant problem for your business. You will also have the added benefit of identifying and stopping rogue employees intent on stealing data in the rare, but highly damaging, event that there is one in your organization.
Nobody wants to believe that the people you’ve hired, worked with, and earned hard-won business victories with might steal from you. Yet accidents do happen. By implementing some fundamental best practices and a security-aware culture you will help improve the education of your workforce and catch the highly damaging cases of insiders trying to steal your valuable business information.