The Cybersecurity Threat Is Coming from Inside the Business – A Quick Guide to Insider Threats
When you hire someone, you expect them to care about your business. You want them to take care of your intellectual property and data. Unfortunately, not everyone has the best intentions. And even those that do can accidentally cause breaches and data loss. You don’t want sensitive customer data or proprietary intellectual property falling into the wrong hands.
Today, let’s talk about insider threats—and what you can do about them. Whether they are malicious or accidental, insider threats can cause serious damage to your organization and its reputation. Before we talk about what to do, let’s talk about what they are and why they happen.
Et tu, new hire? What is an insider threat?
The motives behind insider breaches vary. Some employees try to turn a quick buck by stealing and selling trade secrets or customer data. Others seek revenge and want to cause as much damage as possible. Some insider threats aren’t malicious—an employee can accidentally send out sensitive information to a malicious outsider.
Regardless of motive, preventing these actions is paramount to keeping your business, data, and intellectual property secure. Here are a few tips to help.
Strong HR policies
Cybersecurity doesn’t begin and end with technology. During the hiring process, make sure to vet employees via background checks. For employees who need access to high-risk assets or data, you may need to do a more thorough background check. For example, an HR director may need more thorough vetting than a copywriter.
Next, maintain tight physical security and keep track of all keys and equipment. You never know which employees will leave nursing a grudge, so you want to prevent former employees from accessing the building or company equipment.
Include regular employee training. If you’ve ever seen employees open the door for former coworkers, you want to train them out of that behavior. They could inadvertently let a malicious actor right back into the building.
Finally, consider adopting a “data owner” approach to user access management. In many organizations, granting access rights falls squarely on the IT department’s shoulders. Yet individual managers and team leads have greater insight into which members need access. Look for user provisioning tools that enable data owners to administer their own teams’ access rights; you can always conduct periodic audits and risk analyses later if you’re worried about losing control.
Manage user access rights and permissions
You’ve likely heard of the “principle of least privilege.” This practice dictates that only necessary privileges and permissions are granted to users to perform their duties. It should be your guiding principle. A graphic designer likely doesn’t need access to proprietary product development plans, just as the chief financial officer doesn’t need access to your HR system.
To avoid excessive permissions, consider implementing template-based user provisioning. In this case, people with the same title will get the same level of access. This not only creates consistency and reduces risk but saves IT time when creating new accounts.
Managing user accounts as a company grows can also present challenges. Users change roles and departments, yet often retain their old access. You should regularly review user permissions and manage group policies to make sure no one has accidentally kept more permissions than they need.
Additionally, implement a strong policy for former employees. It’s not uncommon for a departed employee’s account to sit dormant on a server for an extended period of time. It’s important to deactivate those accounts once someone moves on to another opportunity. The last thing you want is an ex-employee with “God-mode access” and an axe to grind.
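A periodic access review covering the points in this section (template-based provisioning, access kept after a role change, and accounts left enabled after someone leaves) can be sketched as follows. This is an added example, not part of the original article; the titles, group names, account fields and the 90-day dormancy cutoff are assumptions, and the data is constructed.

```python
from datetime import date

# Constructed sample data: one access template per job title (assumed names).
ROLE_TEMPLATES = {
    "graphic designer": {"design-share", "email"},
    "cfo": {"finance-system", "email"},
    "hr director": {"hr-system", "email"},
}

ACCOUNTS = [
    {"user": "dana", "title": "graphic designer", "employed": True, "enabled": True,
     "groups": {"design-share", "email"}, "last_logon": date(2024, 5, 28)},
    # Moved from HR to design but kept the old HR access.
    {"user": "eli", "title": "graphic designer", "employed": True, "enabled": True,
     "groups": {"design-share", "email", "hr-system"}, "last_logon": date(2024, 5, 30)},
    # Left the company; the account was never deactivated.
    {"user": "fran", "title": "cfo", "employed": False, "enabled": True,
     "groups": {"finance-system", "email"}, "last_logon": date(2024, 1, 10)},
    # Still employed, but the account has not been used for months.
    {"user": "gus", "title": "hr director", "employed": True, "enabled": True,
     "groups": {"hr-system", "email"}, "last_logon": date(2024, 2, 1)},
]

def review_access(accounts, templates, today, dormant_days=90):
    """Return (user, finding, detail) tuples for enabled accounts that need attention."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to review
        if not acct["employed"]:
            findings.append((acct["user"], "enabled-after-departure", sorted(acct["groups"])))
            continue
        template = templates.get(acct["title"])
        if template is None:
            findings.append((acct["user"], "no-template", sorted(acct["groups"])))
        else:
            excess = acct["groups"] - template  # access beyond the title's template
            if excess:
                findings.append((acct["user"], "excess-permissions", sorted(excess)))
        idle = (today - acct["last_logon"]).days
        if idle > dormant_days:
            findings.append((acct["user"], "dormant", [f"{idle} days idle"]))
    return findings
```

Each finding goes to the data owner for that team, who decides whether the extra access is a justified exception or should be removed.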
Monitor and report
The previous two tips focus on data loss prevention. Still, insider attacks can happen despite your best efforts upfront. You need the ability to detect potential attacks when they happen—and find out who caused the issue in the first place.
This requires monitoring that alerts you to events such as changes in locked user accounts in Active Directory, password change attempts, users reading a large number of files in a given time on the file server (indicating potential data theft), or bulk file deletions in a short span of time.
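The bulk-read and bulk-deletion alerts described above come down to counting distinct files per user inside a sliding time window. The following is an added example, not part of the original article; the event layout, user names, five-minute window and thresholds are assumptions, and the audit events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLDS = {"read": 30, "delete": 20}   # distinct files per window (assumed values)
WINDOW = timedelta(minutes=5)

def sample_events():
    """Constructed file-server audit events: (timestamp, user, action, path)."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    ev = []
    for i in range(5):    # alice: ordinary work, 5 reads spread over 40 minutes
        ev.append((t0 + timedelta(minutes=10 * i), "alice", "read", f"/share/design/a{i}.psd"))
    for i in range(40):   # bob: 40 different files read in about 4 minutes
        ev.append((t0 + timedelta(seconds=6 * i), "bob", "read", f"/share/plans/p{i}.docx"))
    for i in range(25):   # carol: 25 files deleted in under a minute
        ev.append((t0 + timedelta(minutes=30, seconds=2 * i), "carol", "delete", f"/share/hr/h{i}.xlsx"))
    return sorted(ev)

def detect_bulk_activity(events, thresholds=THRESHOLDS, window=WINDOW):
    """Alert once per (user, action) when distinct files in the window reach the threshold.

    Events must be sorted by timestamp.
    """
    recent = defaultdict(deque)   # (user, action) -> (timestamp, path) pairs still in window
    alerted = set()
    alerts = []
    for ts, user, action, path in events:
        if action not in thresholds:
            continue
        key = (user, action)
        q = recent[key]
        q.append((ts, path))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})   # re-reading one file does not inflate the count
        if distinct >= thresholds[action] and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "action": action, "files": distinct,
                           "window_start": q[0][0], "triggered": ts})
    return alerts
```

Counting distinct paths rather than raw events keeps a user who repeatedly opens the same document from triggering the alert, and the returned timestamps give an audit trail of when the burst started and when it crossed the threshold.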
Look for tools with robust reporting, including audit trails. In the event of a breach, this will be helpful for post-incident forensic analysis. If you work in a regulated industry, you may be required to show you’ve taken appropriate actions to safeguard data (including implementing the principle of least privilege). Plus, audit trails help you protect the innocent after a breach. You’ll want that data if the worst happens.
Fighting back against the internal bad guys
You should be able to trust the people you work with, but unfortunately, bad actors sometimes get jobs at good companies. You don’t have to be paranoid, though. Put the right policies in place, and look for a solution to help you more easily manage user permissions and monitor access across the business.