Whilst many organizations give high priority to protecting themselves against outside security threats like hackers, a high proportion aren’t even aware that they may be at risk from the inside. When employees, ex-employees, business partners or associates leak, sell, or manipulate sensitive information, whether by accident or maliciously, the organization may suffer. Financial losses may follow and the organization's reputation may be damaged irreparably, especially if the information contains intellectual property, business secrets, financial status, or customer or employee details.
It is the responsibility of the organization to make sure that they have adequate measures in place to help prevent these security threats. In many cases this simply means being able to see what is happening to your most critical IT systems.
Seven areas of focus for preventing insider security threats
In the wake of massive security breaches at Sony, Ashley Madison and WikiLeaks, it is more important than ever that you take steps to better protect yourself from it happening to you. Here we will go through seven areas that you can focus on to ensure better security.
1. Know the risks
Not acknowledging the possibility of insider attacks is a serious mistake that is made by a surprising number of IT administrators. Numerous studies from reputable sources all say the same thing: the majority of security breaches come from insider misuse or abuse. By not keeping track of what your employees are doing inside your critical IT systems, you are playing a very dangerous game.
2. Manage your privileged users
The majority of insider security breaches originate in accounts with privileged access. Monitoring the accounts and groups in Active Directory that are able to access critical data should be a high priority for any organization. The more people with privileged access an organization has, the more likely it is to become a victim. It can be difficult to keep track of privileged users, especially when employees change departments or leave the business. It is therefore important that organizations adopt a least-privilege policy, where users have access only to what they need to do their job. You must also make sure to monitor what these users are doing with the content they are able to access.
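A concrete way to get that visibility, as an added example rather than anything from the original article: the PowerShell script below uses the RSAT ActiveDirectory module to list every user who is directly or indirectly a member of the built-in administrative groups, and flags memberships held by disabled or long-dormant accounts as the first candidates for removal. The group list and the 90-day cut-off are assumptions to adjust for your own environment.

```powershell
# Added example (not from the original article): report who currently holds
# membership in the most sensitive built-in AD groups, including nested members.
# Assumes the RSAT ActiveDirectory module and rights to read the directory.
Import-Module ActiveDirectory

# Built-in groups whose members effectively control the domain. The list is an
# assumption; extend it with your own tier-0 groups.
$privilegedGroups = @(
    'Domain Admins',
    'Enterprise Admins',
    'Schema Admins',
    'Administrators',
    'Account Operators',
    'Backup Operators'
)

$report = foreach ($group in $privilegedGroups) {
    # -Recursive flattens nested group membership so indirect admins are counted too
    Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.distinguishedName -Properties Enabled, LastLogonDate, Department
            [PSCustomObject]@{
                Group          = $group
                SamAccountName = $user.SamAccountName
                Enabled        = $user.Enabled
                LastLogonDate  = $user.LastLogonDate
                Department     = $user.Department
            }
        }
}

# Memberships held by disabled accounts, accounts that never logged on, or accounts
# with no logon in 90 days (assumed threshold) are the first to review under least privilege
$cutoff = (Get-Date).AddDays(-90)
$reviewCandidates = $report | Where-Object {
    -not $_.Enabled -or $null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff
}

$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize
Write-Host "Privileged memberships: $(@($report).Count); review candidates: $(@($reviewCandidates).Count)"

# Keep a dated copy so membership drift between runs can be compared
$report | Export-Csv -Path ".\privileged-users-$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
```

Run it on a schedule and diff the CSV files: a name that appears in a tier-0 group between two runs without a matching change request is exactly the kind of event the rest of this article is about.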
3. Auditing the Active Directory
Not monitoring who makes critical policy and permission changes, or who accesses privileged data, can lead to security breaches occurring without you even realizing it. A proactive and in-depth approach to auditing Active Directory is essential if you really want to find out what your users are doing.
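As an added example (not from the original article), the script below shows what such auditing looks like in practice on a domain controller: it reads the Security log for events that record privileged group membership changes, directory object modifications and audit policy changes, and reports who made each change. It assumes the relevant advanced audit policy subcategories are enabled and that you can read the DC's Security log; the tier-0 group names are an assumption.

```powershell
# Added example (not from the original article): collect the Security events on a
# domain controller that record who changed privileged group membership, modified
# a directory object, or altered the audit policy, and turn them into one table.
# Assumes rights to read the DC's Security log and that "Audit Security Group
# Management", "Audit Directory Service Changes" and "Audit Audit Policy Change"
# are enabled in the advanced audit policy (5136 also needs a SACL on the objects).
param(
    [string]$DomainController = $env:COMPUTERNAME,   # assumption: run on or against a DC
    [int]$Hours = 24
)

# 4728/4732/4756: member added to a security-enabled global/local/universal group
# 4729/4733/4757: member removed from the same kinds of group
# 5136: directory service object modified   4719: system audit policy changed
$eventIds = 4728, 4729, 4732, 4733, 4756, 4757, 5136, 4719

$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName   = 'Security'
    Id        = $eventIds
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

function ConvertTo-EventDataTable {
    # Flatten the <EventData><Data Name="...">value</Data> nodes into a hashtable
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $xml  = [xml]$Record.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    return $data
}

$rows = foreach ($e in $events) {
    $d = ConvertTo-EventDataTable -Record $e
    switch ($e.Id) {
        5136 {
            $target = $d['ObjectDN']
            # OperationType %%14674 = value added, %%14675 = value deleted
            $detail = "$($d['OperationType']) $($d['AttributeLDAPDisplayName']) = $($d['AttributeValue'])"
        }
        4719 {
            $target = 'audit policy'
            $detail = "subcategory $($d['SubcategoryGuid']) changes: $($d['AuditPolicyChanges'])"
        }
        default {
            # Group-management events: the group is TargetUserName, the member is MemberName
            $target = $d['TargetUserName']
            $detail = $d['MemberName']
        }
    }
    [PSCustomObject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Actor   = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
        Target  = $target
        Detail  = $detail
    }
}

$rows | Sort-Object Time | Format-Table -AutoSize

# Membership changes to tier-0 groups (assumed list) deserve a human look every day
$tier0 = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$rows | Where-Object { ($_.EventId -in (4728, 4732, 4756)) -and ($_.Target -in $tier0) } |
    Export-Csv -Path .\privileged-group-changes.csv -NoTypeInformation
```

The Actor column is the point of the exercise: every row should map to a change ticket or a known administrator, and a row that does not is where the investigation starts. Forward the same events to a central log store as well, since an insider with rights on the DC can clear its local log.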
4. Tight access controls over critical assets and privileged information
Critical assets and privileged information need to be protected by more than just a username and password. Ideally they should be guarded by biometric or multifactor authentication. Many insider security breaches happen out of office hours, so it may be a good idea to impose time restrictions on network access (including remote access). Also make sure that you limit physical access to critical servers to authorized users only.
5. Cleaning the Active Directory regularly
Inactive accounts in Active Directory often act as the vehicles through which insiders gain unauthorized access to network resources. Some insiders in your organization will have information about inactive accounts, including their passwords and special rights. It is therefore important that you routinely clean up these inactive accounts.
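The routine clean-up can be scripted; the example below is added here and is not from the original article. It uses Search-ADAccount to find enabled user accounts with no logon in the last 90 days, then disables each one, records the reason in its description and moves it to a holding OU so that it can be deleted after a retention period. The OU path, the 90-day threshold and the exclusion list are assumptions.

```powershell
# Added example (not from the original article): find user accounts that have not
# logged on for a set period, disable them, record why, and move them to a holding
# OU for later deletion. Assumes the RSAT ActiveDirectory module; the OU path, the
# threshold and the exclusion list are assumptions to adjust for your environment.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveDays = 90,
    [string]$HoldingOU = 'OU=Disabled Accounts,DC=example,DC=com',   # assumption
    [string[]]$Exclude = @('krbtgt', 'Administrator')               # never touch these automatically
)
Import-Module ActiveDirectory

# Search-ADAccount evaluates lastLogonTimestamp, which replicates with a lag of up
# to about 14 days, so the effective threshold is InactiveDays plus that window
$stale = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) -UsersOnly |
    Where-Object { $_.Enabled -and ($_.SamAccountName -notin $Exclude) }

foreach ($account in $stale) {
    $user  = Get-ADUser -Identity $account.DistinguishedName -Properties LastLogonDate, Description
    $stamp = "Disabled $(Get-Date -Format 'yyyy-MM-dd') by inactivity cleanup; " +
             "last logon $($user.LastLogonDate); previous description: $($user.Description)"

    # ShouldProcess honours -WhatIf and -Confirm, so the script can be dry-run first
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Disable and move to $HoldingOU")) {
        # Disabling the account makes any password an insider remembers useless
        Disable-ADAccount -Identity $user
        Set-ADUser -Identity $user -Description $stamp
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $HoldingOU
    }
}

# Keep the list for review and for the deletion step after the retention period
$stale | Select-Object SamAccountName, LastLogonDate, DistinguishedName |
    Export-Csv -Path ".\stale-accounts-$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
```

Run it with -WhatIf first and have the list reviewed by the owning managers before the real run; service accounts that log on rarely but legitimately belong in the exclusion list rather than in the holding OU.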
6. Forensic analysis of failed breach attempts
A failed insider security breach is a great opportunity to learn: find out how they did it and what measures you need to put in place to prevent it from happening again. By failing to analyze such events you leave the door open for repeat events.
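One place that analysis starts is the failed-logon record. The script below, an added example that is not part of the original article, summarises Security event 4625 on a server so that repeated failures against a single account, or attempts to use a disabled account or to log on outside permitted hours, stand out for review. The failure threshold is an assumption.

```powershell
# Added example (not from the original article): summarise failed logon attempts
# (Security event 4625) so that repeated failures against one account, or attempts
# to use disabled accounts or to log on outside permitted hours, stand out for
# follow-up. Assumes rights to read the Security log on the target machine. 4625 is
# recorded on the machine where the logon was attempted, so run it against member
# servers as well as domain controllers (Kerberos/NTLM failures on DCs are 4771/4776).
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [int]$Hours = 24,
    [int]$Threshold = 5      # assumption: flag account/source pairs with this many failures or more
)

# NTSTATUS sub-status codes reported in 4625. The disabled, logon-hours and
# workstation codes are what an attempt blocked by the controls above produces.
$reasons = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'wrong password'
    '0xc0000234' = 'account locked out'
    '0xc0000072' = 'account disabled'
    '0xc000006f' = 'outside permitted logon hours'
    '0xc0000070' = 'workstation restriction'
    '0xc0000193' = 'account expired'
}

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
    $sub    = "$($d['SubStatus'])".ToLower()
    $reason = if ($reasons.ContainsKey($sub)) { $reasons[$sub] } else { $sub }
    [PSCustomObject]@{
        Time        = $e.TimeCreated
        Account     = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        Source      = $d['IpAddress']
        Workstation = $d['WorkstationName']
        LogonType   = $d['LogonType']      # 2 interactive, 3 network, 10 remote interactive
        Reason      = $reason
    }
}

# Group by account and source: a burst of failures from one place, or any attempt
# against a disabled or time-restricted account, is where the forensic review begins
$summary = $failures | Group-Object Account, Source | ForEach-Object {
    $ordered = $_.Group | Sort-Object Time
    [PSCustomObject]@{
        Account = $ordered[0].Account
        Source  = $ordered[0].Source
        Count   = $_.Count
        First   = $ordered[0].Time
        Last    = $ordered[-1].Time
        Reasons = ($ordered.Reason | Sort-Object -Unique) -join '; '
    }
}

$summary | Where-Object {
    $_.Count -ge $Threshold -or $_.Reasons -match 'disabled|logon hours|workstation'
} | Sort-Object Count -Descending | Format-Table -AutoSize

# Keep the raw rows: the timeline of a single incident is rebuilt from these
$failures | Export-Csv -Path ".\failed-logons-$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation
```

A single "account disabled" failure for an account you retired last month is worth more attention than a hundred wrong-password entries from a user who forgot a new password: it tells you someone still knows that account's credentials and tried them, which is precisely the repeat event the article warns about.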
7. Educating employees
Even a great security policy is ineffective if employees don’t know about it or don’t adhere to it. Employees should be trained on, and regularly reminded of, the importance of periodic password resets, the use of strong passwords and the risks of improper use of the internet, amongst other things. When organizations do not educate their employees on best practices, they run the risk of making any security policy they enforce redundant.