By now, every employer has at least heard of the latest hack or data breach, resulting in major companies losing precious data to the attackers. Protecting the company from outside threats seems like a colossal feat on its own and requires many security implementations to adequately secure a network.
Yet there is another side to data theft, one that does not make the headlines too often. That threat is the insider, an individual that has internal access to an organization due to employment or contract. Insider threats are so dangerous because they could steal data for any number of reasons, such as termination, resigning to work for a competitor, or just a bad afternoon. If there are ways to strengthen defenses against external threats, there have to be ways to protect against the insider threat, right?
While this blog is not intended to generate suspicion of all employees the world over, it will provide steps to nip the insider threat potential in the bud. The following are 10 quick tips to help any business avoid data theft by employees.
- Implement an anti-BYOD (Bring Your Own Device) policy.
- When allowing users to introduce their personal devices into the business world, the risk of company data finding its way out the front doors increase drastically.
- Restrict the use of personal email and cloud storage accounts.
- In line with personal devices, allowing access to personal email and cloud storage introduces more vectors for bad actors to exfiltrate data.
- Limit websites that could be used for non-business data transfer, especially if unnecessary for daily work, such as FTP (File Transfer Protocol).
- Typically, data transfer methods like FTP are not used for work-related tasks by the average user, so cutting it off should be an easy defense mechanism. Subsequently, if an employee requires access to FTP, an IT representative would need to permit such activity.
- Restrict usage of external USB devices.
- While USB devices are a method to store variable quantities of data, it is possible to establish a policy to prohibit or restrict their use. As an alternative, employees can be allotted storage space on their work computers or on network storage locations.
- Limit access to areas or documents that contain sensitive information.
- Proper file and folder access restrictions (logical security) go a long way if configured properly. Set up a network that segregates account access only to files and folders required for daily business, tailored to each user or user group. Implementing a Least Privilege security model should be what you strive for here.
- Focus on secure user credentialing to prevent unauthorized logins.
- When passwords are secure, a malicious insider cannot access higher permission due to a breached account. Keeping Joe’s (from accounting) password complex and secure is just as important as the CEO’s.
- Design an exit plan for departing employees.
- Some examples of actions include cutting network access in conjunction with their departure and work to repossess all work electronic devices as soon as possible. Having a plan to execute keeps the process standard and efficient. Remind departing employees that they are not permitted to have your data, that it should be returned and that you have ways of monitoring that use.
- Control remote access.
- Remote work is baked into the work procedure for many companies. Without proper control metrics, such as activity logging and proper authentication techniques, an employee could boot their home computer and copy all data from the company server.
- Install surveillance platforms.
- Whether in the form of actual video cameras or surveillance software, recording the actions of employees for retroactive review can be used to uncover thefts that may have already occurred. The systems just need to be in place in order to be helpful.
- An additional solution in this category comes in the form of Data Loss Prevention (DLP) software. This software is specifically designed to detect if theft is occurring by monitoring sensitive data.
- Act on suspicious behavior.
- While this may seem obvious, it is still worth pointing out. If an employee is acting strange or abruptly resigns to work for a competitor, a review for data theft may find the reason for the behavior.
In conclusion, the insider threat is real and can be devastating to an organization. Techniques such as limiting certain activity or implementing user account access restrictions help to prevent data from leaving an organization unnoticed, if at all. When properly implemented and customized to the environment, the tips in this blog will help secure the data from the insider and help put employers’ minds at ease. Should you have questions or would like to consult on this topic, CONTACT VESTIGE today.
RELATED LINK: https://www.vestigeltd.com/clients-we-serve/human-resources/
By Ian Finch, BS, CGFA,
Senior Forensic Analyst
Vestige Digital Investigations