A common misconception is that the vast majority of cyber-attacks are instigated by malicious hackers who deliberately break into your system to steal your data. While this does happen, the belief that all attacks happen this way undermines the very real threat posed by your very own staff.
According to a report published by McAfee, insiders were responsible for 43% of data loss. Should an organisation fail to acknowledge how prevalent insider threats are, they will likely pay the price. Of course, not all data breaches caused by insiders are the result of malice. Per McAfee’s report, approximately 50% of insider threats were intentional, leaving 50% as accidental. However, do not despair, for there are measures we can take to help mitigate such threats:
1. Background Checks
Firstly, it is very important that you perform thorough background checks on employees, contractors and vendors. Check for criminal records, conflicts of interest and ask them for references.
2. Limit Administrative Access
You should never give full administrative access to just one employee. If you do, they will be free to do whatever they want, and should they leave the company, they could hold your data hostage.
3. Remember to Revoke Access
Should an employee or contractor leave your organisation, you must have a policy in place that enables you to promptly revoke their access. You should pay attention to active sessions in order to ensure that they are not logged in elsewhere at the time they leave.
4. Keep an Eye Out for Suspicious Behavior
It is important to watch out for suspicious behavior. Insider threats can be the result of negligence, malice, or compromised devices. Event monitoring can help in spotting such threats; however, you will also need to pay attention to the administrators themselves. Do they have a chip on their shoulder? Do they get on well with other staff members?
5. Strict Access Controls
It is very important to have strict access controls. The principle of “least privilege” should always apply. This will make it hard for employees to access sensitive data unless there is a good reason for them to do so. When access rights are extended to give an employee access to sensitive data, there should be a formal process and documentation that can be used as a point of reference, should a breach occur.
6. Encrypt Critical Data
Many organisations are still not encrypting their critical data. Doing so is crucial for minimizing the potential damage that could be caused should a device get lost or stolen.
7. Educate Employees
Educate employees about the potential consequences of their failure to comply with the company’s security policy – not to mention the various data protection laws and regulations. Having a clear security policy will make it easier for employees to conform to best practices.
8. Strict Password Policies
Ensure that you have a strict password policy. Change passwords regularly, and prevent employees from sharing credentials, as this could lead to accountability issues, especially if someone leaves the company.
9. Keep Your Staff Up to Date
Keep your staff informed about any significant changes to your company, particularly if it involves invoking certain access rights. Make sure that any such changes are not leaked before an official announcement is made. Otherwise staff members might feel that their trust has been betrayed, which may in turn encourage malicious behavior.
10. Audit Network Logs
Last, but certainly not least, make sure that you are auditing your network logs. Naturally, you will want to audit any important system changes, permissions, and file- and folder-based events across your network. You may want to install a specialized third-party auditing solution like LepideAuditor, which is capable of providing real-time alerts and allows you to quickly identify any suspicious activity.
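
As an added illustration of steps 3 and 10 (not part of the original article and not code from any auditing product), the following Python example cross-checks an offboarding list against session events to find leaver accounts that are still logged in or that log on after departure. The event format, account names and host names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: account -> departure time from the offboarding record.
LEAVERS = {
    "jsmith": datetime(2024, 3, 1, 17, 0),
    "contractor7": datetime(2024, 3, 4, 12, 0),
}

# Constructed sample session events: (ISO timestamp, account, host, action).
EVENTS = [
    ("2024-03-01T08:55:00", "jsmith", "ws-014", "logon"),
    ("2024-03-01T16:40:00", "jsmith", "vpn-gw", "logon"),
    ("2024-03-01T16:55:00", "jsmith", "ws-014", "logoff"),
    ("2024-03-02T09:10:00", "adavis", "ws-022", "logon"),
    ("2024-03-05T23:30:00", "contractor7", "fileserver", "logon"),
]


def audit_leavers(leavers, events):
    """Return sorted findings for accounts that have left the organisation.

    SESSION_STILL_OPEN:    logon before departure with no matching logoff.
    LOGON_AFTER_DEPARTURE: logon at or after the recorded departure time.
    """
    open_sessions = {}  # (account, host) -> timestamp of the unmatched logon
    findings = []
    for ts, account, host, action in sorted(events):
        if account not in leavers:
            continue  # current staff are out of scope for this check
        when = datetime.fromisoformat(ts)
        if action == "logon":
            if when >= leavers[account]:
                # Access was not revoked: the account still authenticates.
                findings.append(("LOGON_AFTER_DEPARTURE", account, host, ts))
            else:
                open_sessions[(account, host)] = ts
        elif action == "logoff":
            open_sessions.pop((account, host), None)
    # Anything left over is a session that was never closed.
    for (account, host), ts in open_sessions.items():
        findings.append(("SESSION_STILL_OPEN", account, host, ts))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_leavers(LEAVERS, EVENTS):
        print(*finding)
```

Each finding names the host to act on: terminate the open session there, and treat any post-departure logon as evidence that revocation did not take effect.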