15 Best Practices to Prevent Insider Threats

There is always the possibility of insider threats to use their authorized access in a way that harms an organization.

No matter how secure an organization’s data security policy is believed to be, there is always the possibility of an insider threat – the potential for an insider within an organization to use their authorized access in a way that harms it, whether wittingly or unwittingly. Examples of this harm include intentional, malicious, complacent or unintentional acts that compromise the integrity, confidentiality, and availability of organizational data.

The simplest way of classifying these threats is to view them as either intentional or unintentional. In the former, intentional actions are those taken to harm an organization for personal gains and/or to act on a personal grievance. In this case, it is synonymous with the term ‘malicious insider’. In the latter, unintentional threats are those that result from carelessness or neglect such as misplacing a portable storage device containing sensitive information or ignoring an internal memo to install the latest security updates to software which exposes the enterprise to hackers exploiting security loopholes.


Here are 15 pro-active steps to secure your enterprise data against insider threats:

1. Establish a robust security policy

The starting point of any proactive plan to prevent security threats is a roadmap for a comprehensive data security policy that incorporates procedures to detect and prevent misuse. Ideally, the policy also outlines how insider-misuse investigations are conducted. Finally, it should state the potential consequences or punitive actions for misuse infractions.


2. Monitor misuse

24/7 real-time monitoring of user behavior to predict and detect aberrant user behaviors associated with potential theft, sabotage, or data misuse is still the most effective way to counter insider threats. Organizations can use User and Entity Behavior Analytics (UEBA) to establish user and entity behavior baselines from historical access and activity. These behavioral baselines are the benchmark against which real-time activities are assessed as either normal or abnormal.

UEBA uses big data analytics to provide insight into what is happening with users in the organization in real time. Insider threats are identified when user behavior deviates from what is considered normal, thus prompting corrective action. Other behavior monitoring tools include security cameras for physical surveillance and keystroke logging, and speaking of physical security…
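To make the baseline idea concrete, here is an added example (not code from the original article or from any UEBA product) of the smallest possible version of the approach: learn each user's normal daily file-access volume and the set of hosts they work from, then score new activity against that baseline. The activity records, user names, host names and the z-score threshold are all constructed for the illustration.

```python
"""Toy UEBA-style baselining: learn per-user norms from history, flag deviations."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical activity: (user, day, files_accessed, source_host)
HISTORY = [
    ("alice", "2024-01-01", 12, "ws-alice"),
    ("alice", "2024-01-02", 15, "ws-alice"),
    ("alice", "2024-01-03", 11, "ws-alice"),
    ("alice", "2024-01-04", 14, "ws-alice"),
    ("alice", "2024-01-05", 13, "ws-alice"),
    ("bob", "2024-01-01", 80, "ws-bob"),
    ("bob", "2024-01-02", 95, "build-01"),
    ("bob", "2024-01-03", 70, "ws-bob"),
    ("bob", "2024-01-04", 110, "build-01"),
    ("bob", "2024-01-05", 85, "ws-bob"),
]

# Constructed activity for the day being assessed
TODAY = [
    ("alice", "2024-01-08", 140, "ws-alice"),  # roughly 10x her normal volume
    ("bob", "2024-01-08", 90, "ws-bob"),       # normal volume, known host
    ("bob", "2024-01-08", 60, "ws-alice"),     # a host bob has never used
    ("carol", "2024-01-08", 5, "ws-carol"),    # no history at all
]

Z_THRESHOLD = 3.0  # assumed: flag volumes more than 3 standard deviations above the mean


def build_baselines(history):
    """Per-user mean/stdev of daily access counts and the set of hosts seen."""
    per_user = defaultdict(lambda: {"counts": [], "hosts": set()})
    for user, _day, count, host in history:
        per_user[user]["counts"].append(count)
        per_user[user]["hosts"].add(host)
    return {
        user: {
            "mean": mean(data["counts"]),
            "stdev": pstdev(data["counts"]),
            "hosts": frozenset(data["hosts"]),
        }
        for user, data in per_user.items()
    }


def score_activity(baselines, events, z_threshold=Z_THRESHOLD):
    """Return (user, day, reason) alerts for events that deviate from the baseline."""
    alerts = []
    for user, day, count, host in events:
        base = baselines.get(user)
        if base is None:
            # A user with no history cannot be scored; surface that rather than ignore it
            alerts.append((user, day, "no baseline for user"))
            continue
        if host not in base["hosts"]:
            alerts.append((user, day, f"new source host {host}"))
        # A constant history gives stdev 0; fall back to 1 so any increase still scores
        stdev = base["stdev"] or 1.0
        z = (count - base["mean"]) / stdev
        if z > z_threshold:
            alerts.append((user, day, f"file access volume z={z:.1f}"))
    return alerts


def demo():
    return score_activity(build_baselines(HISTORY), TODAY)


if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

Two design points carry over to real deployments: a user with no baseline is itself a finding (new hires and freshly created accounts are exactly where dormant-account and privilege-inheritance problems start), and a zero-variance history must not be allowed to divide the score into nonsense.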

3. Dedicate secure physical locations

Creating a dedicated physical location for securing data is one of the best ways to prevent insider theft. Safe places to lock up sensitive information, and isolated high-value systems that require verified access, two-factor authentication, or even biometric scanning, are effective ways to reduce insider threats, especially from personnel seeking access to high-level data by using other employees’ key cards.


4. Exercise diligence in vetting new hires

Background checks tend to be consciously overlooked due to the perceived cost. On average, background checks cost between $50 and $200, and when compared to the potential hassle and theft in the future, they are well worth the money. Other advanced systems can corroborate the story of your new hire, such as a service like NORA. Non-Obvious Relationship Awareness technology uses aggregate big data from multiple sources to find relationships where one would not assume one exists. Using this enables you to gain more information about the person to whom you are entrusting sensitive company information.


5. Implement a strong password security policy

The password security policy of your business is a set of rules designed to improve data security by encouraging staff to use strong passwords and providing guidelines on how to use them properly. This password policy is an integral part of what should be the ongoing security awareness training program of your organization. A relatively lenient implementation of this policy takes the form of mere advisory, or your enterprise computer systems can force compliance by mandating a certain password length or the inclusion of special characters or alpha-numeric code.


6. Employ Multi-Factor Authentication (MFA)

Supplementing a password security policy is the implementation of a strong, multi-factor authentication measure to safeguard sensitive applications within your company. The use of weak passwords amongst employees makes it easy for users with malicious intent to access sensitive information, but MFA will add an extra layer of difficulty for unauthorized users.


7. Detect and stop privileged access abuse

One of the most damaging internal threat agents is the privileged user. Privileged users can be admins who can give themselves access to restricted data or employ other forms of social engineering to impersonate other users, engineers who naturally have high-security clearance to the most valuable intellectual property or executives who can move freely with unfettered access anywhere. It is crucial to use tools for monitoring and controlling such sensitive information. On this note, there are also some common tell-tale signs that can signal an intent to abuse privileged access which makes it possible to identify and prevent data security breaches before they even happen…


8. Enable ‘sentiment analysis’

Sentiment analysis, also known as emotion AI (Artificial Intelligence), is the use of natural language processing, text analysis, computational linguistics, and biometrics to systematically identify affective states and subjective information. Simply put, it is the application of analytics and behavioral analysis to “figure out what someone’s intent is” to determine if someone has become a cybersecurity threat. Does the staff member have financial/life troubles or is he/she lagging in performance reviews? Internal information from HR and other key performance indicators (KPIs) can be more than enough to indicate a potential risk based on motivating factors.


9. Prevent data exfiltration

The motivations of an insider threat vary greatly, but a frequent target is intellectual property. Placing appropriate controls on data, closely monitoring who has access to what and when, and preventing the free movement of unauthorized users can stop this internal threat actor from succeeding in their malicious aims even if they manage to penetrate the security protocols. By analyzing behaviors related to the exfiltration of data, such as shifting files to an off-site file-sharing site or sending attachments to personal email, it is possible to identify an insider threat and mitigate the attack.


10. Make data security training an ongoing program

Conducting ongoing security awareness training for staff will have a positive impact in preventing avoidable security breaches by hapless users who become victims of increasingly sophisticated phishing scams, misused public Wi-Fi hotspots, or the inadvertent loss or sharing of files. Training personnel also empowers them with the knowledge to recognize social engineering tactics used to extract crucial information that could lead to a security breach. By making security awareness training an ongoing program, organizations build a stronger security posture.


11. Remote-lock desktops

When you can’t depend on your employees to be as responsible as they ought to be for all their configurations, using a service that enables remote lockdown of desktops across the entire organization can come in handy. These services also have the added feature of enabling the locking down of certain parts of an employee’s computer apps to prevent threats.


12. Seal information leaks

One way to prevent information leaks is to outline in your organization’s security policy what may or may not be shared. Additionally, software that scans the network for infringements of these policies and alerts on them can immediately identify breaches, in addition to email scanning software that checks outgoing email for any unauthorized disclosure of intellectual property.


13. Fortify perimeter defense tools and strategies

As without, so too within. Perimeter tools and strategies used for servers on the public internet should also be implemented on your organization’s internal servers. It is also important to regularly patch or update web and email servers, to remove any unused services, and to use lockdown configurations to strengthen your security protocol.


14. Prevent backdoor infiltration

Some data breaches happen due to an attacker leveraging ‘backdoor’ access into the system of the target organization via infiltrating a 3rd party vendor. The challenge of dealing with 3rd parties is that you cannot force them to implement security standards that are at par with your organization’s. Given the lack of visibility into their data environment, it is unwise to trust them in yours. Thus, it is important to carefully control and monitor what 3rd parties can access.


15. Purge dormant and orphan accounts

It is good hygiene practice to routinely purge idle accounts in your directory. Removing the profiles of users who are no longer with the company, deactivating access groups for legacy teams that are no longer active, and cutting off privileges that a user inherited from a colleague for a now-defunct project but that still grant access to sensitive data are among the things you can do to clean house. User access hygiene issues need to be addressed routinely as part of a good security policy.
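The three clean-up targets in this step (dormant accounts, accounts with no current owner, and membership in groups for projects that no longer exist) can be found with one pass over a directory export cross-checked against the HR roster. The following is an added example, not code from the original article or from any directory product; the account list, employee IDs, group definitions, the 90-day dormancy threshold and the `service` flag used to exempt service accounts from the ownership check are all constructed assumptions.

```python
"""Account hygiene audit: dormant, orphan and stale-group findings from a directory export."""
from datetime import date, timedelta

DORMANT_DAYS = 90  # assumed policy: no login in 90 days means dormant

# Constructed directory export: account name -> attributes
ACCOUNTS = {
    "alice": {"employee_id": "E100", "enabled": True, "last_login": date(2024, 1, 5)},
    "bob": {"employee_id": "E101", "enabled": True, "last_login": date(2023, 8, 1)},
    "contractor7": {"employee_id": None, "enabled": True, "last_login": date(2023, 12, 20)},
    "dave": {"employee_id": "E102", "enabled": True, "last_login": date(2024, 1, 3)},
    "erin": {"employee_id": "E103", "enabled": True, "last_login": None},
    "svc-backup": {"employee_id": None, "enabled": True, "last_login": date(2024, 1, 7),
                   "service": True},
    "old-admin": {"employee_id": None, "enabled": False, "last_login": date(2022, 1, 1)},
}
# Constructed HR roster of employees currently on staff (E102, dave, has left)
ACTIVE_EMPLOYEES = {"E100", "E101", "E103"}
# Constructed group definitions: group -> members and whether its project is still live
GROUPS = {
    "proj-apollo-admins": {"members": {"alice", "dave"}, "active": False},
    "finance-readers": {"members": {"bob", "contractor7"}, "active": True},
}


def audit_accounts(accounts, active_employees, groups, today, dormant_days=DORMANT_DAYS):
    """Return dormant account names, orphan account names and (group, member) stale pairs."""
    cutoff = today - timedelta(days=dormant_days)
    findings = {"dormant": [], "orphan": [], "stale_group": []}
    for name, attrs in accounts.items():
        if not attrs["enabled"]:
            continue  # already disabled; nothing to purge here
        last_login = attrs["last_login"]
        # Never logged in counts as dormant: a created-but-unused account is still an exposure
        if last_login is None or last_login < cutoff:
            findings["dormant"].append(name)
        # Service accounts have no HR owner by design; every human account must map
        # to an employee who is still on the roster
        if not attrs.get("service"):
            emp = attrs["employee_id"]
            if emp is None or emp not in active_employees:
                findings["orphan"].append(name)
    for group_name, group in groups.items():
        if not group["active"]:
            # Membership in a group for a defunct project is inherited privilege to revoke
            for member in sorted(group["members"]):
                findings["stale_group"].append((group_name, member))
    return findings


def demo():
    return audit_accounts(ACCOUNTS, ACTIVE_EMPLOYEES, GROUPS, date(2024, 1, 8))


if __name__ == "__main__":
    for category, items in demo().items():
        print(category, items)
```

Run against the constructed data on 2024-01-08 it reports bob and erin as dormant, contractor7 and dave as orphans (no employee ID, and an employee ID no longer on the roster), and both members of the defunct Apollo admin group. Disabled accounts are skipped so the report only lists work still to be done; a real run would feed each finding into a ticket or a disable action rather than printing it.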



These are just some of the basic techniques for facilitating internal threat detection to ensure that your company’s sensitive information is more protected. Part and parcel of a robust security policy is explaining to employees why it is necessary to keep proprietary company information secure and that there are legal ramifications if there is a violation of this policy. The lack of a security policy that covers both internal and external threats could leave your organization vulnerable to having your sensitive information stolen and could cost your company an incalculable amount in damages.
