The loss of sensitive data is among the biggest threats a company faces. Such data may include personal information about customers and employees as well as transaction details. Often the biggest threat comes not from outside but from inside. Network administrators frequently hold fully privileged access to all corporate data, because they are responsible for managing and safeguarding it. In many companies the weakest link in the security system is the insider. Your company may have mitigated outside threats effectively with a combination of corporate-level antivirus, intrusion prevention and dedicated firewall appliances, but none of these will protect it against an IT employee who has gone rogue. Often an employee takes a peek at sensitive corporate data out of sheer curiosity; for example, people with sufficient privileges have been caught opening employee salary files simply because they wanted to know how much their co-workers earn.
In recent years there has been an increase in insider incidents at many companies, including financial services firms. Many of these incidents are unintentional: an uninformed marketing employee may open a bogus order-confirmation email, or someone may install pirated, malware-infected software on their PC.
Here are a few ways to protect your company from intentional and unintentional insider threats:
Restrict and Monitor Employees with Special Privileges
Almost half of data breaches originate inside the company, and the people you need to watch most closely are those with special privileges. The IT department should use thorough pre-employment screening to weed out candidates with a record of acceptable-use violations. Fraud-prevention services can supply information about people who have committed IT-related violations without being prosecuted. Give employees only the privileges their jobs require (least privilege), and distribute sensitive tasks among several IT employees so that no single person holds concentrated privileged power (separation of duties). Keep a log of privileged access and review it daily, or at least weekly, either with automated tooling or by a department other than the one being monitored.
Keep User Privileges Up to Date
About a quarter of insider incidents involve employees who have resigned, been laid off or changed jobs within the company. The biggest threat obviously comes from those who have been fired, but employees who have moved to other departments or resigned can also pose significant risks. Breaches happen when the IT department fails to disable or adjust the employee's accounts quickly enough or, in some cases, when a terminated employee is asked to finish outstanding tasks after being let go. Termination procedures should be carried out promptly and cover every system the employee could access. A well-designed system should be able to revoke or modify an employee's privileged access within minutes.
Monitor Employees Who Have a History of Minor Misconduct
People who have engaged in minor misconduct have been found to be more likely to escalate to serious offences, including intellectual property theft. The CIO should monitor, and where possible restrict, people who show inappropriate behaviour such as downloading pirated software or pornographic material to their work computers.
Use a Log-File Analysis System
In a large majority of security breaches, evidence is available in the log files. These are three anomalies in log files to watch for:
- Abnormal increase in the volume of logged information
- Abnormal absence or decrease in logged information
- Abnormally long entries within logs
For example, following a breach, log volume may jump to five times its normal level; in other cases log entries disappear entirely because the attacker disabled logging beforehand. Unusually long lines in a web-server log can be the trace of a SQL injection attempt or a similar attack, because the injected payload travels in the request and is written to the log with it. Too many IT security staff install analysis tools and event monitoring and then forget about them. These tools are only useful when they are configured to detect the problems you actually expect, with a baseline of normal log volume to compare against. Even a simple tool that detects long entries and immediately sends an alert is often useful.
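The three anomalies above, as a small detector run over a constructed sample log. This is an added example, not code from the original article: the log lines are fabricated in Apache/nginx common log format, and the thresholds (a window counting five times its baseline is a spike, a window at or below 20% is a drop, a window with nothing is an absence, a line over 250 bytes is "long") are assumptions a real deployment would tune to its own traffic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import median

# Apache/nginx "common log format" line, e.g.
#   10.0.0.5 - - [12/Mar/2024:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# --- constructed sample data (not a real log) -------------------------------
START = datetime(2024, 3, 12, 9, 0, tzinfo=timezone.utc)
# Requests per minute for eight consecutive minutes: a steady baseline of two,
# then a burst (minute 5) and a silent minute (minute 6), the shape an attacker
# disabling logging after a probe would leave behind.
PROFILE = [2, 2, 2, 2, 2, 10, 0, 2]
END = START + timedelta(minutes=len(PROFILE))

def make_line(ts, req, status="200", size="512", ip="10.0.0.5"):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{req}" {status} {size}'

def build_sample_log():
    """Constructed log lines following PROFILE, plus one injection-shaped request."""
    lines = []
    for minute, n in enumerate(PROFILE):
        for k in range(n):
            lines.append(make_line(START + timedelta(minutes=minute, seconds=5 * k),
                                   f"GET /reports?id={k} HTTP/1.1"))
    # One abnormally long request in the burst minute, shaped like a UNION-based
    # SQL injection probe (hypothetical payload, URL-encoded as a browser would send it).
    probe = ("GET /reports?id=7'%20UNION%20SELECT%20" + ",".join(["NULL"] * 40)
             + "%20FROM%20users-- HTTP/1.1")
    lines.append(make_line(START + timedelta(minutes=5, seconds=55), probe,
                           status="500", size="0", ip="10.0.0.42"))
    return lines

# --- analysis ---------------------------------------------------------------
def parse_line(line):
    """Parse one common-log-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m.group("ts"), TS_FMT), "ip": m.group("ip"),
            "req": m.group("req"), "status": int(m.group("status")), "raw": line}

def bucket_counts(entries, start, end, width=timedelta(minutes=1)):
    """Entries per fixed window from start to end. Empty windows are reported
    as 0 rather than omitted, so that an absence of logging is visible."""
    counts = Counter((e["ts"] - start) // width for e in entries)
    return [counts.get(i, 0) for i in range((end - start) // width)]

def detect_volume_anomalies(counts, warmup=3, spike_factor=5.0, drop_factor=0.2):
    """Compare each window with the median of the preceding `warmup` windows.
    The median (rather than the mean) keeps an earlier burst from inflating
    the baseline and masking the silent window that follows it."""
    alerts = []
    for i in range(warmup, len(counts)):
        baseline = median(counts[i - warmup:i])
        if baseline == 0:
            continue  # no baseline to compare against yet
        c = counts[i]
        if c >= spike_factor * baseline:
            alerts.append({"window": i, "kind": "spike", "count": c, "baseline": baseline})
        elif c == 0:
            alerts.append({"window": i, "kind": "absence", "count": c, "baseline": baseline})
        elif c <= drop_factor * baseline:
            alerts.append({"window": i, "kind": "drop", "count": c, "baseline": baseline})
    return alerts

def detect_long_entries(lines, max_len=250):
    """Lines longer than max_len bytes; injected SQL rides in the request and
    makes the line far longer than ordinary traffic."""
    return [line for line in lines if len(line) > max_len]

def analyze(lines, start, end):
    """Run all three checks and return the findings."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    counts = bucket_counts(entries, start, end)
    return {"unparsed": len(lines) - len(entries), "counts": counts,
            "volume_alerts": detect_volume_anomalies(counts),
            "long_entries": detect_long_entries(lines)}

if __name__ == "__main__":
    report = analyze(build_sample_log(), START, END)
    print("per-minute counts:", report["counts"])
    for a in report["volume_alerts"]:
        print(f"minute {a['window']}: {a['kind']} ({a['count']} vs baseline {a['baseline']})")
    for line in report["long_entries"]:
        print(f"long entry ({len(line)} bytes): {line[:80]}...")
```

On the sample data the detector reports minute 5 as a spike, minute 6 as an absence and the injection-shaped request as the one long entry. Note the ordering of the checks: a spike is tested before an absence so that a window with a real baseline is classified exactly once, and lines that fail to parse are counted separately, because a sudden rise in unparseable lines is itself a change in the log worth alerting on.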
Set up a Data-Loss Prevention System
Many IT departments deploy a system that filters and monitors outbound network traffic to prevent intellectual property from leaving the corporate network. All companies and organizations should inspect outbound traffic as carefully as inbound traffic. By understanding, controlling and monitoring outbound traffic, you significantly increase the chance of stopping malicious activity, such as data exfiltration, before it harms your company.
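What the content-inspection part of such an outbound filter does, as an added example rather than code from the original article or from any DLP product. It scans one outbound message for two kinds of sensitive content, payment card numbers confirmed with the Luhn check and document classification markers, and applies a simple policy. The marker words, the trusted host `payments.example.com`, the sample messages and the three-way allow/audit/block policy are all assumptions made for the example.

```python
import re

# --- what the filter looks for (assumptions made for this example) ----------
# Runs of 13-19 digits, optionally separated by spaces or dashes, the way payment
# card numbers appear in text. Candidates are confirmed with the Luhn check so
# that order numbers and other digit runs are not flagged.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Classification markers a company might stamp on internal documents.
MARKER_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|TRADE SECRET)\b", re.IGNORECASE)
# Hypothetical destinations with a business need to receive such data;
# traffic to them is allowed but recorded for review instead of blocked.
TRUSTED_HOSTS = {"payments.example.com"}

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers (True when the number is well formed)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Digit runs that look like card numbers and pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found

def mask(number):
    """Keep the first six and last four digits; a finding must not re-leak the data."""
    return number[:6] + "*" * (len(number) - 10) + number[-4:]

def inspect_outbound(host, payload):
    """Decide whether one outbound message may leave the network.

    Policy: no sensitive content -> allow; sensitive content to a trusted
    host -> allow but audit; sensitive content anywhere else -> block."""
    findings = [f"card number {mask(n)}" for n in find_card_numbers(payload)]
    findings += [f"classification marker '{m.group(1)}'" for m in MARKER_RE.finditer(payload)]
    if not findings:
        verdict = "allow"
    elif host in TRUSTED_HOSTS:
        verdict = "audit"
    else:
        verdict = "block"
    return {"host": host, "verdict": verdict, "findings": findings}

# Constructed sample messages (destination host, body), not real traffic.
SAMPLE_MESSAGES = [
    ("partner.example.net", "Order 1234 5678 9012 3456 shipped today"),      # digits, but fails Luhn
    ("webmail.example.net", "Card 4111 1111 1111 1111 exp 12/26"),           # valid card, untrusted host
    ("payments.example.com", "Card 4111-1111-1111-1111 exp 12/26"),          # same card, trusted host
    ("pastebin.example.net", "Subject: CONFIDENTIAL - Q3 product roadmap"),  # marked document
]

if __name__ == "__main__":
    for host, body in SAMPLE_MESSAGES:
        r = inspect_outbound(host, body)
        print(f"{r['verdict']:5} -> {host}: {r['findings'] or 'no findings'}")
```

The Luhn check is what keeps the filter usable: the first sample message contains a sixteen-digit order number that a bare regex would flag, and blocking every such message would quickly get the system switched off. Findings are reported masked so that the alert itself does not become a second copy of the data. A production DLP system adds decoding of attachments and archives and looks inside TLS at the proxy, which this example does not attempt.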
Educate Everyone in the Company about the Danger of 'Insider Threat'
Employees, especially IT staff, should receive regular training on the latest security threats and on how to recognise malicious behaviour, such as data theft, by a co-worker. A loyal and honest employee is the CIO's greatest ally in the struggle against internal enemies. There should be an anonymous reporting mechanism that lets an employee report fraudulent activity without risking their career to office politics. Annual awareness courses should be accompanied by pamphlets, flyers and handouts about recent security threats, distributed to every department in the company. A Facebook group for the company's employees can also be used to keep people informed about the latest security issues.