Security is vital for businesses, and those that rely heavily on their IT will invest a great deal in keeping their systems and data safe. However, no matter how efficient your firewalls and antivirus software are, there’s one problem that they can’t deal with: insider threats from your own employees. Today we’ll take a look at three ways that your security can be at risk from your staff, and how to manage the problem.
Accidental Insider Threats
Accidents happen and employees are only human. Mistakes and accidental errors, which usually happen when data is in transit, are the most benign insider threat. There are ways to optimize the work environment to minimize such errors. For example, if you have a security policy but your staff haven’t been properly trained in what it is and how to comply with it, then you have a disconnect that can lead to problems.
This is a rather more common insider threat. These threats are still based in user error, but they arise from a lack of due diligence. It could be data that’s got lost in a database, malware being downloaded to the network or mobile devices being lost. It may not be premeditated, but sloppiness is a more serious problem for business owners.
Sometimes an insider who has IT access will behave with intentional malice towards an organization, bypassing the security policies the IT administrator has put in place. This can happen in a number of ways. It could be the intentional theft of important data, or the deliberate injection of malware. It could be a mole – an individual who’s really an outsider, but who has penetrated the organization and been granted access to IT resources. He or she then uses their position to pass on information to competitors, steal data to sell, or store it up to use for malicious purposes in the future.
Identifying Insider Threats
Spotting insider threats can be difficult, because by definition it’s usually covert or intermittent. Still, there are ways to identify if there’s a bad actor at work.
- • Usually, users require access to specific resources to do their work. If someone is accessing resources that aren’t really needed for the tasks they do, and especially if those resources contain sensitive information, it could be a red flag. You may want to monitor that employee’s use of your systems.
- • Traffic volume upticks can be a clue. If you can’t account for sudden surges, you may want to look into why this is happening.
- • Activity times can also alert you to suspicious behaviour. Spikes in traffic at strange times may mean there’s something not quite right.
- • Increased visibility: Systems that correlate information from multiple sources will help you keep track of what your staff are doing.
- • Policies and enforcement: First of all, you need to have policies on how staff use your technology resources, and then you need to communicate these clearly. This will eliminate any misunderstandings and make sure staff don’t drop the ball.
- • Comprehensive training: Not everyone is a computer genius and mistakes are easily made. To reduce human error, proper training goes a long way to help staff understand what is expected of them, and why.
- • Controlling access: You don’t want to spy on your staff, but you can protect your systems by setting up permissions for every part of your business. This will enable you to control who can see what information, and help manage negligence and intentional sabotage.
Protecting Against Insider Threats
Although it can be hard to spot, there are still some straightforward preventive measures you can take to eliminate insider threat problems.
Do you need help protecting your network and data against insider threats? Call the IT professionals at Quikteks today at (973) 882-4644 for advice.