How organisations can protect against insider threat


It’s always a blow when an employee leaves, doubly so with the most talented ones. On the one hand you’re losing a skilled member of the team, and on the other they’re possibly moving on to a competitor and taking their knowledge base with them. This is why employee monitoring is so important for good data management.

About the author

Richard Agnew, VP EMEA at Code42.

Perhaps more worryingly, they’re also leaving with a little more than some stationery – they could be stashing your data and possibly intellectual property (IP) in their cloud. If they’re going to a competitor, maybe they’ve decided to take some of your data with them to hit the ground running in their new position. Or they might be going out on their own and anticipate that some of your sensitive data could provide them with a much-needed edge. They may even try to tempt some of your valuable staff members with them.

It’s worth remembering that, according to Code42’s recent Data Exposure Report, 63% of all survey respondents admitted that they brought data with them from their previous employer to their current employer. Think about that: If these employees are bringing data with them from their previous job, then it’s highly likely that they’re taking your data with them to their next employer.

Effective processes enforced by the right technology

These factors make a compelling case that every organisation needs a program to effectively manage insider risks, whether they arise from departing employees, careless decision-making, stress or discontentment, or more malicious motivations, with proper attention to endpoint security and data management. To be successful, organisations require a combination of effective processes and new technologies. This way, employees will be much more likely to follow the correct data security procedures, and the organisation will have the necessary network monitoring and policies in place to protect data.

First up: The processes effective at managing insider threat

When creating an insider threat program, you want to make certain you can maintain a healthy security culture. It’s important to be transparent about the nature of your insider threat program. First, it’s essential to establish the proper protocols for good data management, including how and where employees are allowed to store and use company data as well as what apps are appropriate for data sharing and collaborative work. Make sure the entire organisation is educated about the protocols.

These protocols must be reinforced through security training, awareness, and other reminders, such as the display of a standard login banner that specifies to users that they are accessing the organisation’s data and all of the data belongs to the organisation.

Additionally, it’s vital that the organisation remains transparent about its insider threat mitigation program and why it is essential to the organisation’s success. Communicate to staff that the program isn’t about trying to catch people doing things they shouldn’t; it’s about protecting the organisation’s data and intellectual property. By openly discussing the program, you will not only deter potential malicious insider behavior, but also help create an environment that is less Big Brother and more of an appropriate security culture.

That last point is indispensable. Today, most staffers believe they personally own work products created on the job. According to the Data Exposure Report, even a majority of information security leaders (72%) agree that such data is not just corporate data but also their work and ideas.

Other effective processes can include performing data inventories as part of formal employee onboarding and offboarding procedures. After all, enterprises collect badges, notebooks, phones, and other business property – it’s also appropriate to ask employees what data they have and to appropriately return it.

Continuous vigilance

Finally, it’s crucial that these exercises not be considered one-and-done events. To be effective, the insider threat mitigation program requires consistent awareness and training sessions, so that the right types of behavior are reinforced. Partner with employees and show them exactly how to properly gain permission to take data with them, e.g., their personal contacts, but not work data, when they leave.

When it comes to the technology behind an effective insider threat program, historically, too much emphasis has been placed on defensive technologies that attempt to block data leakage – but too often actually fail to do so.

The better strategy is to focus on technologies that monitor all data movement and can detect anomalous file movements across cloud storage and traditional environments. Ideally, you will be able to identify suspicious file movements while also enabling the document sharing necessary for effective collaboration. And, for those times when something suspicious is flagged, all of the necessary information can be collected so that a proper investigation can be conducted.
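One way the monitoring described above could work, as an added example that is not from the article or from any Code42 product: each user's daily volume to unsanctioned destinations is compared with that user's own baseline, with a tighter threshold around a resignation notice, and the raw events are kept for the investigation. The event format, destination names, thresholds and the HR notice feed are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
SANCTIONED = {"corp-sharepoint"}      # assumed: destinations approved by policy
NOTICE_DAY = {"bob": 6, "dave": 3}    # assumed HR feed: user -> day notice was given
LOOKBACK = 30                         # days before notice that also get the tighter check

# Constructed sample events: (day, user, destination, bytes). Not real telemetry.
EVENTS = (
    [(d, "alice", "personal-dropbox", 10 * MB) for d in range(1, 6)]
    + [(d, "bob", "personal-gdrive", 5 * MB) for d in range(1, 5)]
    + [(5, "bob", "personal-gdrive", 250 * MB), (5, "bob", "personal-gdrive", 150 * MB)]
    + [(5, "carol", "corp-sharepoint", 2000 * MB)]
    + [(1, "dave", "usb", 4 * MB), (2, "dave", "usb", 4 * MB), (4, "dave", "usb", 30 * MB)]
)

def flag_anomalies(events, factor=5, floor=50 * MB, dep_factor=2, dep_floor=20 * MB):
    """Return findings for user-days whose unsanctioned volume exceeds the user's baseline."""
    per_day = defaultdict(lambda: defaultdict(list))
    for ev in events:
        day, user, dest, _ = ev
        if dest not in SANCTIONED:           # sanctioned sharing is never flagged
            per_day[user][day].append(ev)
    findings = []
    for user, days in sorted(per_day.items()):
        history = []                         # earlier normal daily totals for this user
        for day in sorted(days):
            total = sum(size for *_, size in days[day])
            baseline = median(history) if history else 0
            notice = NOTICE_DAY.get(user)
            departing = notice is not None and day >= notice - LOOKBACK
            f, fl = (dep_factor, dep_floor) if departing else (factor, floor)
            if total > max(fl, f * baseline):
                findings.append({"user": user, "day": day, "bytes": total,
                                 "baseline": baseline, "departing": departing,
                                 "evidence": days[day]})  # kept for the investigation
            else:
                history.append(total)        # flagged days never inflate the baseline
    return findings

if __name__ == "__main__":
    for f in flag_anomalies(EVENTS):
        print(f["user"], "day", f["day"], f["bytes"] // MB, "MB",
              "(departing)" if f["departing"] else "")
```

Carol's large upload to the sanctioned share and Alice's steady small transfers pass untouched, while Dave's 30 MB copy is flagged only because the tighter departing-employee threshold applies.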

We can never know everything that can trigger insiders to act carelessly or badly: it can be something as typical as seasonal depression or as nefarious as outside fraudsters offering to pay insiders for valuable data. With the right processes and technology in place, the causes and motivations for putting data at risk won’t matter. What will matter is that the threat has been mitigated.

Richard Agnew

Richard Agnew, VP EMEA, Code42, is a veteran of the UK IT industry, having held management roles at EMC, NetApp and Veeam. For Code42, Richard is responsible for growing EMEA. He joined in July 2020.