You may not be aware of it, but over 60% of data breaches are caused by insiders, a fact that underscores the need for technological as well as nontechnological measures to prevent insider threats.
Although typically not malicious in nature, many insider incidents are caused by careless employees who undermine their organizations by not complying with business rules and policies, for example by clicking on phishing links in emails or inadvertently emailing customer data to external parties.
Other insider incidents can be caused by employees, contractors, or business partners who have or have had authorized access to a company’s network or data and used that access to negatively affect that company’s systems or information.
- Train your new employees and contractors on security awareness before allowing them to access your network. In addition, incorporate information about unintentional and malicious insider threat awareness into regular security training for all your workers.
- Set up a security incident response team that’s responsible for preventing, detecting and dealing with all security incidents, including insider threats. This team should include general IT and information security staff members as well as members of the C-suite. Provide the team with policies and procedures to handle each situation. Ensure they have the proper training to keep up with the latest tactics and threats so they can identify insider threats as quickly as possible. The goal of this team is to handle the situation in a way that limits damage to your company and reduces recovery time and costs.
- Set up third-party employees, including contractors, with temporary accounts that expire on specific dates, such as the end of their projects or contracts. This ensures that these individuals can’t access your systems after they complete their work. If necessary, you can always extend the account expiration dates.
- After staff members leave your company, be sure to remove their access to your network by disabling accounts as soon as possible. Your human resources staff, as well as your employee managers, should contact the IT department when employees leave, plan to leave, or are terminated.
- Add an extra layer of protection to the process of authentication with two-factor authentication (2FA), which requires a user to provide a second piece of identifying information in addition to a password. 2FA could include answering a question such as: What was the name of your elementary school? It could also require a user to enter a verification code received via text message or from an authentication app on their phone.
- Encrypt sensitive corporate data at rest or as it’s traveling over a network using suitable software or hardware technology. That way, if a rogue employee or third-party worker steals a hard drive from a server or captures traffic, for instance, that individual will be unable to access your confidential data.
- Address endpoint security by ensuring the physical security of employee devices as well as the corporate data stored on those devices.
- Implement employee monitoring software that helps you reduce the risk of data breaches and the theft of your intellectual property by identifying careless, disgruntled, or malicious insiders. Employee monitoring software enables you to set rules to prevent employees from engaging in risky behaviors, such as emailing sensitive company information. The software also alerts you when employees are violating policies so you can put a stop to their actions.
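The two account-lifecycle items above (expiring contractor accounts and disabling leavers' accounts) can be checked with a periodic audit. The following is an added example, not part of the original article: the CSV layouts, column names and sample rows are constructed assumptions standing in for a directory export and an HR leaver list.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from any real directory or HR system).
# Directory export: one row per account; empty "expires" means no expiry is set.
DIRECTORY_CSV = """username,type,enabled,expires
alice,employee,true,
bob,employee,true,
carol,contractor,true,2024-09-30
dave,contractor,true,
erin,contractor,true,2024-03-31
frank,contractor,false,2024-01-31
"""
# HR roster: people who have left, with their last working day.
LEAVERS_CSV = """username,last_day
bob,2024-05-15
frank,2024-01-31
"""


def audit_accounts(directory_csv, leavers_csv, today):
    """Return sorted (username, finding) pairs for accounts breaking the two rules."""
    leavers = {row["username"]: date.fromisoformat(row["last_day"])
               for row in csv.DictReader(io.StringIO(leavers_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["username"]
        enabled = row["enabled"].strip().lower() == "true"
        expires = date.fromisoformat(row["expires"]) if row["expires"] else None
        if not enabled:
            continue  # already disabled, nothing left to revoke
        if row["type"] == "contractor" and expires is None:
            findings.append((user, "contractor account has no expiration date"))
        if expires is not None and expires < today:
            findings.append((user, f"expired on {expires} but still enabled"))
        if user in leavers and leavers[user] <= today:
            findings.append((user, f"left on {leavers[user]} but still enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_accounts(DIRECTORY_CSV, LEAVERS_CSV, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```

Each finding maps to an action from the list: set an expiration date, disable the account, or extend the date if the contract was renewed.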
Yuri Martsinovsky has been working in the security software industry at SoftActivity for over 15 years. He covers insider threats, computer monitoring and other enterprise security topics.