In 2016, inside staff was directly involved in 32% of damaging cyber security incidents according to a study by NetDiligence, and the danger and scale of potential damage can be much greater due to the increased access that employees have to company networks and databases. According to the latest Insider Threat Report, 53% of participants confirmed an insider attack in the last 12 months, while 27% say these attacks have become more frequent. Internal security protocols are often more relaxed than perimeter firewalls aimed against hackers. To make matters worse, incidents are frequently underreported in an effort to preserve reputations, and due to the hardship that unsuspecting firms face in detecting or proving an inside leak. Here are some strategies for reducing the risks of the insider cyber threats.
Educate staff
In many cases, simple mistakes and a general lack of awareness on the part of employees can compromise a company’s network or data from within. In house or outsourced training courses and cutting edge gamification programs can be a powerful tool to condition employees – and consultants working within your company’s network or office space – to proactively avoid cyber threats or respond to them appropriately when they do occur. Simple safeguards like avoiding shared passwords and accounts can greatly increase internal cyber security.
Update your systems
Keeping software and operating systems up to date diminishes exposure to attacks, as patches and enhancements often provide solutions to systemic vulnerabilities. All employees should be made aware of the software they can and should be using at work, thus avoiding the possibility of downloading a “Trojan horse”, malware that poses as legitimate software. It’s also key to make sure that web browsers have the latest security extensions and plugins. Contractors should be given temporary accounts, and the accounts of former employees should be closed as soon as they leave the organization. According to Steven Chabinsky of CrowdStrike, logs and automatically correlated endpoint activities should be used to establish baseline behavior, detect abnormalities, track data and removable media use as well as respond to damage assessments.
Backup your data regularly
Backing up your work and sensitive information on a regular basis protects you from accidental data loss from hardware malfunctions and human error, as well as against ransomware, a form of malware hackers use to encrypt data, demanding payment for decrypting it. Between 2005 and March 2016, 7,600 ransomware attacks were reported to the Internet Crime Complaint Center (IC3), with a 300% increase since 2015. As a precaution, Two-factor authentication and data encryption should be used for all important transactions.
Use VPN’s
Virtual Private Networks (VPN) are a necessary safeguard for connections within a company network, as well as between offices and employees who work from home or over public WiFi. VPN’s work by encrypting data being sent over the internet. When accessing unsecured networks without a VPN, the user should take care to clear their browser’s cache and delete cookies (files created by visited websites) containing passwords and financial information, while also disabling file sharing.
Watch out for suspicious emails
While social media has hastened the spreading of information and brought millions of people into contact with each other, it has also been a boon to hackers, who can now easily glean information on employees from online profiles. Unsuspecting staff members could thus click on virus-wielding hyperlinks sent by attackers who assume the identity of a friend or family member (phishing). Companies should explain this threat to employees, highlighting the importance of using work computers and email accounts exclusively for business-related activities. This would greatly reduce the danger of employees opening compromised messages and putting the entire network at risk.
Be wary of BYOD
Though most employees would prefer to combine their personal and professional lives on one device, thus bringing their own computers, phones or tablets to work (Bring Your Own Device, or BYOD), this increases the potential security threat in the workplace by exposing office networks to malware brought in from the outside through embedded credentials. Businesses should explain this threat to their staff, highlighting the importance of using work computers and email accounts exclusively for business-related activities, particularly if they handle sensitive information.
Dealing with malicious insiders
Insiders have had an intentional hand in a number of high profile data leaks over the past few years. The case of Panamanian law firm Mossack Fonseca, as exposed in the Panama Papers – the largest data leak in history, revealed the offshore financial activities of international figures ranging from Russian President Vladimir Putin to soccer star Lionel Messi. Though it’s impossible for an organization to fully protect itself from disgruntled members, background checks can be conducted during the hiring process to detect candidates that have violated security policies in the past. Solid non-disclosure agreements can be a strong line of protection for business activities conducted within the rule of law. Additionally, specific hardware, data sets and access codes can be assigned through network segmentation, clarifying who is responsible for what information, thus increasing the chances of identifying the inside source of a data breach. To this end, monitoring work stations (with the knowledge of employees) via analytics software and security specialists can also go a long way towards discouraging future leaks. Other red flags include expressions of dissatisfaction in the workplace and employees who seek or request access to information outside the scope of their regular duties.