Smart business leaders understand the importance of ongoing cybersecurity and insider threats education. They know that their entire team must be well-educated on the importance and best practices of cybersecurity. While employees may not intentionally act maliciously, they could be putting their company’s data at risk. Unfortunately, educating entire teams with little to no technical background on cybersecurity can be difficult.
Instead of disengaging non-technical staff with too much jargon, put cybersecurity in terms they can understand and relate to. Here are ten tactics to help protect your data against insider threats.
What Is An Insider Threat?
An insider threat is a malicious threat to an organization that comes from a person or people within the company. These insider threats could include employees, former employees, contractors or business associates who have access to inside information concerning security, data, and the computer systems.
When people think of insider threats, their minds typically go to rogue or disgruntled employees who are intentionally performing a malicious act. What businesses often fail to consider in their IT security strategy is that employees could also pose an insider threat through ignorance or negligence.
Not all insider threats are intentional. According to Computer Weekly, organizers of the Black Hat security conference reported that 84 percent of cyberattacks were due to human error. While the clear majority of insider threats can be attributed to negligence, there are cases of breaches due to deceptive insider actions.
Organizations need to be prepared for anything. Fortunately, there are specific tactics to deal with those incidents. Before diving into those tactics, take a look at the dangers and consequences of insider attacks.
Dangers and Consequences of Insider Attacks
According to the Crowd Research Partners Annual Insider Threat Report, 90 percent of organizations felt vulnerable to insider attacks. The top three risk factors enabling the insider threat vulnerability include excessive access privileges (37 percent), endpoint access (36 percent), and information technology complexity (35 percent). Of the 472 professionals interviewed in the study, 53 percent confirmed that an insider attack had happened at their organization within the last year.
Businesses must understand the role of data in today’s environment. Protecting data is no longer just IT’s responsibility. It is the responsibility of every internal person to protect their data. If not, attacks can be extremely costly to fix. Here are some examples of consequences and dangers that insider attacks can have:
- Insider attacks and threats can go undetected: Attacks can go undetected for years. Insider attacks can be difficult to detect because internal personnel are usually trusted by the company, and it can look like they are just doing daily work and have access to cover their attacks.
The longer it takes to discover an insider attack, the costlier it can be to fix.
- Confidential information can be breached or shared: According to the Insider Threat Report, the most common type of vulnerability from an insider attack is exposed confidential business information.
This information could include trade secrets, operations, sales, customer and employee information, and revenue information.
- Determining harmful actions can take time: In some situations, distinguishing insider attacks can be tricky. When an employee is working with sensitive data, it can be hard to know whether they are doing their job or something malicious.
Many times, employees will not know they are doing anything malicious in the first place. If the actions are intentional, it can be hard to detect because employees can cover their tracks by editing or deleting logs.
- Daily business consequences (loss of revenue, reputation, productivity): According to a global study of insider threats, the average cost of a breach involving employees or other internal personnel is $8.7 million. In addition to revenue loss, once an insider threat is revealed to the public, distrust can occur internally and externally. With the loss of revenue and a dip in trust comes a lack of organizational productivity.
An insider attack also requires a lot of extra time taken to contain and resolve the issue. This results in large groups of employees spending valuable time dealing with the attack and not their business-driving tasks, which negatively impacts productivity.
Now that we’ve discussed what insider threats can look like and the consequences that come with them, here are ten tactics to teach cybersecurity best practices and insider threat protection.
1. Use Terms, Situations, and Analogies that Apply to Employees to Help Educate
Not everyone understands the technical ins and outs of cybersecurity and cybersecurity best practices. So, when employees in different departments are required to go through technical training, they can become disengaged when they hear technical jargon. If employees are not taking in the critical information they are receiving, they are likely to be an insider risk due to lack of understanding.
Making the training apply to the non-technical staff can make it easier for them to engage and retain the cybersecurity training. Using familiar terms, situations, and analogies that apply to a specific department will help the more technical material translate into useable information.
If your organization is large enough that creating a separate training for departments is not logical, you can use some proven industry examples. For instance, if you are in the healthcare industry, talk about cybersecurity as the immune system. In the manufacturing industry, you could discuss internal threats in comparison to an assembly line.
When technical training is communicated clearly and is relevant to the group receiving the training, they are more likely to understand and use the information you are giving them. As a result, they are more likely to take the necessary actions to keep your organization safe.
2. Establish a Communication Plan
Does your organization have a communication plan in place if an internal attack were to occur? Will you send a company-wide message, or will you start the communication chain at the top with your executives and allow the message to be shared downward on that chain?
It is important to let employees or internal associates know that there will be uniform processes in place for everything your company does. It is easiest to only communicate internally on one platform. This might sound like common sense, yet variations in the processes are how people fall for unfamiliar messages, so consistency is key.
3. Create Exercises and Simulations
The best way to have employees understand the importance of insider threats and attacks is to have them complete real-life exercises. Creating a hands-on training is a great way to keep staff engaged.
Some of the most dangerous cyber attacks involve malicious emails that are made to look like a business email. Instead of redirecting your internal team to malicious sites, new services allow you to launch campaigns internally that mimic hacker techniques to ultimately educate and evaluate your employees.
Launching a simulated attack has become a popular way to test and evaluate the current knowledge of your internal employees. From there, use the results of the exercise to grab the attention of those who may have failed. No longer should negligence or ignorance be a reason for internal attacks.
4. Explain the Benefits of Cybersecurity and Highlight Progress to Employees
Many times, fear and negativity are used in trainings on cybersecurity attacks. Even the example given above about simulating an attack is a scare tactic.
On the flip side, employees may not respond to fear and negativity. In fact, in today’s environment, cybersecurity is the responsibility of everyone at the company. So, a good way to educate a company about internal attacks is to show how cybersecurity can be a business enabler. Some benefits you can share include:
- Improved public confidence in your company
- Improved information security and business continuity management
- A safer work environment for employees
- Protection of business productivity
- Protection of customers’ and employees’ personal information
- Gained confidence internally and externally
5. Secure Office Desktops
At this point you have educated employees on the importance of cybersecurity and can confidently rule out lack of training as the main reason for internal attacks. It is now time to focus your attention on safeguarding your data from intentional malicious threats.
On most desktops you have the option to group policies and lock down systems across your entire enterprise. Grouping policies allows a trusted security manager to set configuration details for the operating system components, such as Windows Media Player or an internet browser. It also allows the security manager to perform these same configurations on different applications.
In addition, make sure that the access rights to network folders are applied on a strict need-only basis. This will cut down on the number of internal team members having access to information that would make them an internal threat.
6. Deploy Processes for Monitoring Internal Personnel
Another way to protect against insider threats includes the monitoring of employee activity and content. There are varying levels of monitoring tools that are currently available. The capabilities of these tools include email and webmail traffic monitoring, tracking the websites that employees visit, instant message monitoring, social media monitoring, logging files employees have accessed, and many others.
A few companies have noted that they do not want to act as a “Big Brother” by deploying these monitoring tools. While this tactic does carry a level of corporate control, these tools are useful in preventing internal attacks. They allow IT to understand everything employees are doing, and they inhibit inappropriate behavior because employees know their activities could be monitored.
7. Get C-Level Commitment and Buy In
C-level leadership must understand and enforce your insider threat and security strategy from the top down. If the executive level of an organization fully understands the company’s security strategy, they are more likely to gain acceptance from the employees they manage.
When cybersecurity best practices are exhibited by the leaders, fewer internal threats are likely to occur.
8. Understand What Work Leaves the Office
Different companies have different policies on allowing employees to work offsite. If your organization allows employees to work remotely, it also needs to understand what sensitive information is leaving the office with those employees.
In addition to remote worksites, employee turnover is another way that sensitive information can leave the office. One way organizations have experienced internal threats is when employees leave the company and take sensitive data with them. To mitigate this risk, there should be a post-employment process.
All sensitive data, particularly the data that was generated by the employee leaving the company, should be left at the office.
9. Don’t Rule out Physical Security
In addition to employee education and digital security and monitoring, physical security can be used for insider threat protection. Simple physical security tools include key badges that allow or keep people from entering a sensitive area.
Layering multi-factor authentication only strengthens your physical security. For example, a key badge could be borrowed or stolen. To enhance this security feature, require a PIN or fingerprint scan as an additional layer. It is also best practice to make sure employees have at least one lockable drawer at their desk to secure their sensitive information.
10. Create a Strong Security Policy
At the very least, your organization should have a security policy to protect against insider threats. This is the most important tactic to prevent an attack. A security policy should include procedures to prevent and detect malicious activity.
Your company security policy should include details that limit the access to personal data about employees or customers. Specify who can access what data, under which circumstances they can access the data, and who they can share the information with.
Fight Insider Threats
Insider threats in cybersecurity are one of the top concerns that businesses are facing today. Whether that threat is due to ignorance, negligence or is made with malicious intent, use these ten tactics to protect your organization.
LightEdge is committed to keeping your data safe, secure, and compliant. LightEdge offers a comprehensive product portfolio to ensure complete protection and uninterrupted performance of IT operations and mission-critical systems in the event of a disaster.
Redundancy is built into each of our data centers in Des Moines, Kansas City, Omaha, and newly acquired Austin and Raleigh data center facilities. Each of our LightEdge facilities strives to deliver more than traditional data centers. We have created true Hybrid Solution Centers designed to offer a complete portfolio of high speed, secure, redundant, local cloud services and managed gateways to public clouds through our hardened facilities.