We often focus on external cyber threats, but what about threats from within?
With 108.9 million accounts reportedly breached in Q3 2022 alone, mitigating the risk of a data breach should be high on any business owner's agenda. But with the increase in remote work, it’s harder than ever before to keep an eye on internal threats.
In this article, we’ll look at what insider threats are, how to spot them, and crucial steps to prevent them.
[Table of Contents]
What are insider threats?
An insider threat refers to a security risk caused by any individual, third-party, or entity that has access to confidential data, files and applications. This could be through a back door in a virtual call center platform, clever social engineering, or simply weak passwords.
These threats are growing increasingly common - sometimes, they’re an accident or the actions of a disgruntled individual. However, they can also be part of a larger scheme where outside parties target and approach your staff.
Image from Bravura Security’s report
What are the Types of Insider Threats?
In general, we can classify most insider threats into three categories.
-
Malicious insider threats
Some bad actors may be current or former employees, third parties, or partners. These criminal and malicious insiders use their privileged access to intentionally steal company data or intellectual property for revenge, fraud, blackmail, sabotage, and even espionage.
One such threat is departing employees stealing trade secrets. This is a tricky one to monitor, with even computer security software giant McAfee filing a lawsuit against three ex-employees who had moved confidential data like customer lists, sales tactics, and pricing data to unauthorized USBs and email addresses.
-
Negligent insider threats
Employees who lack cybersecurity awareness are often the source of negligent insider threats due to carelessness or inexperience.
A small-scale example of a negligent insider is when an employee breaches cybersecurity protocols by leaving their computer unlocked in a busy office environment. At the other end of the scale, Pegasus Airline reported in 2022 that a misconfigured database accidentally exposed 23 million sensitive files - including insurance documents and plain-text password information.
Read more: What is password encryption and how does it work?
-
Accidental insider threats
Although most accidents contain a degree of negligence, accidental insider threats are usually oblivious that they've been compromised in the first place.
An example of an unintentional threat is an online remote support agent mistyping an email address and sending confidential business secrets to a competitor. They might not even notice this event has occurred until the competitor acts. This is an unfortunate, unintentional accident - but a threat, nonetheless.
Free to use image from Unsplash
How to detect existing insider threats
Insider threats are increasingly difficult to detect because they have legitimate access to the system and data. As they say, prevention is better than cure. But what if you have potential threats within your business? Here are three ways to spot any existing risks:
-
Audit, Audit, Audit!
An effective insider threat security audit should pinpoint any vulnerabilities, close any backdoors, and eliminate any flaws in the system.
To get the most from your security audit checklist, the following points should be considered:
-
Company security policies
-
Security policy training
-
Computer software and hardware asset lists
-
Password training and implementation
-
Bring Your Own Device (BYOD) plans.
-
Automated software patch management
Auditing these aspects of your business should highlight any areas that might be at risk and let you make changes before they become a threat. For instance, your BYOD policy might have no restrictions on how data can be downloaded. This means that if someone did download confidential data, they could easily share it - and you may have no way of tracking it. To counter this, you could make data accessible only through authorized apps, with no option to download the data.
Read more: What is a Security Audit and Does My Business Need One?
-
Review how you organize your data
Data is valuable, and that’s why it’s usually the target of insider threats. You should review how data is accessed in your audit, but it’s worth going beyond that. Access policies can help minimize risk, but you're still open to potential breaches without a strong data quality management framework in place.
Take stock of your existing storage system, any data-related processes, and what exactly you collect. Is there sensitive data being gathered that you don’t strictly need? Remove it, and you remove one area of interest to malicious actors. Is your data stored on-site? Consider moving it to a secure cloud solution to reduce physical threats.
-
User behavior and activity monitoring software
User behavior analytics (UBA) are used to gather valuable observations on how users are behaving. It’s often used alongside user activity monitoring (UAM), which gives you insights into what websites are being accessed, among other things.
If you have this in place, you will be able to see any staff that could be a threat - and again, this doesn’t have to be malicious. It could be entirely accidental. So, if you notice a particular user keeps mistyping your .NZ domain from Only Domains, and doesn’t notice when it takes them to the wrong place, you can intervene with targeted training before it becomes a problem.
Free to use image from Unsplash
Five ways to prevent insider threats
We’ve spoken about how to address existing risks, but how do you prevent future ones? Here are five important steps to consider.
-
Develop security policies
Developing a robust security policy for insider threats is essential for protecting all sensitive data and company assets. This should cover everything from your public websites to your intranet and CRM tools.
They should be broad and encompass areas like:
-
Password requirements
-
BYOD and other hardware restrictions
-
Data management
-
Acceptable use
-
Remote access
-
Permission-based access
Ideally, you should work with security specialists to design these policies, which may include bringing in external consultants. This should also not be treated as a ‘one-off’ - instead, this should be an ever-evolving document that changes in response to new software and the most up-to-date cybersecurity trends.
2. Company-wide training
Knowledge is power, especially in the complex world of cybersecurity. Every employee in your business, not just your IT staff, should be provided with training about insider threats (and cybersecurity more broadly).
This is one of the best ways to combat threats caused by negligence or by accident. As well as providing company-wide training, it’s worth running smaller, targeted sessions based on particular needs as well. For instance, do your sales department regularly take down personal details from your customers? Then they should be trained in data privacy methods.
3. Password rules and restrictions
Ultimately, passwords are the first line of defense against potential insider threats. So, establishing a strong password culture within your team will help keep them at bay. Make sure that your staff aren’t reusing passwords across multiple apps and sites, and provide details on what makes a strong password.
The safest and easiest way to manage your company's passwords is by using a password manager, like TeamPassword. Password managers provide an encrypted environment where your employees can create, store, and share login details and other sensitive records.
This should also factor into your software purchases. For instance, the best contact center software should include two-factor or multi-factor password authentication to remain secure - and if it doesn’t, you should avoid it! Ensuring the tools you provide have strong password protection and encryption protect your employees, and in some instances, can even make their jobs easier.
Image from XKCD
4. Clear employee exit strategy
Having solid strategies in place for departing employees is just as important as having an onboarding process. Not only does it allow you to gather feedback through exit interviews, it also gives you the chance to reduce potential threats.
Some methods that you can use during offboarding include:
-
Immediately delete account access after their departure
-
Deactivate mobile app access from personal devices
-
Inform relevant parties about the departure
-
Change shared login details
This is particularly important in cases where an employee has been fired or let go - but it should be applied across the board.
5. Physical security methods
If all else fails, regularly backing up your data means you won't lose any important information, even if your systems are compromised. Most tools, such as outbound call center software or data analysis platforms, come with cloud storage options, and it’s worth making use of them.
However, not everything can be kept in the cloud - staff might have laptops with confidential data on them, or you might have some new product prototypes in the office. It’s important to factor in physical threats just as much as digital ones.
Restrict access to your office via keycards or codes, and provide members of staff with safe places to store technology if needed. It’s important to include this aspect in your training too - people tend to be nice and might be inclined to hold a door open to a visitor. This kind of ‘social engineering’ can be used to gain access to off-limits areas.
What now…?
Early threat detection and mitigation is essential for your organization's survival and future success.
Providing employees, stakeholders, and board members with the right knowledge to detect and protect against insider security breaches can help shore up your defenses. Take the time to create clear security policies and design a clear offboarding process. Just remember: insider threats are always evolving, and you should too.
