infoTECH Feature

June 28, 2017

13 Best Practices for Eliminating Insider Threats

By Special Guest
Paul Gossett, Contributing Writer

Many business owners focus on protecting their company from outside threats. They see hackers, viruses, malware, and other malicious threats as the biggest problems their company will face. While it’s true that these threats need to be addressed and taken seriously, they’re not the only threats out there. In fact, a good number of threats actually come from within the business. One survey done by Forrester showed that more than half of all security breaches (58 percent) were actually caused from inside the business. Another 55 percent came from an action taken by someone inside the business, according to the 2015 IBM Cyber Security Intelligence Index.

What can you do to address these threats? Here are 13 different ways you can greatly reduce or eliminate these insider threats.

1. Make a Plan

The first thing you can do to deal with these threats is to make a plan. Recognize that they exist and prepare for them. The most effective way of doing this is to build a team of individuals from various departments, including IT, HR, and cybersecurity. This team can provide training on Internet and network security. They will present network security tips to all employees, train new employees on how to avoid viruses and malware, and log all activities to determine which employees may need remedial training. Many of the most common problems caused by employees can be avoided with training and education.

2. Have a BYOD Policy

If your employees are bringing their own devices to work, make certain you have policies in place that state what access those devices have. In many cases, employers set up a much more secure network for those devices to log in to. This way, it’s much easier to keep data from being moved to these devices and to keep any viruses or malware these devices have from infecting your system.

3. Monitor Your Network

If an event happens on your network, you need to know what happened before and after it in addition to what the event itself was. This means you need to monitor everything constantly. Knowing who has direct access to your server, what they’re doing, and how their actions may affect the network as a whole is important.

4. Don’t Use Guest Accounts

To better monitor your network, you need to make certain every employee or individual who will access your network has a credentialed login. Don’t use generic logins such as “guest” because you never know who is using that login. These types of accounts also often have very basic, easy-to-guess passwords, making them very susceptible to hacking. If you have to use generic logins, make certain they are very restricted and only have access to what they need.

5. Review Access

Did you give an employee access to data for a project? If so, do they still need that access? If they don’t, revoke it. You need to regularly look at which employees have access to what data and software. If someone doesn’t need certain data to do their job, they shouldn’t have access to it.

6. Watch Your Exfiltration Points

Data can exit your network at a number of different points: USB drives, the Cloud, email, instant messaging software…even printers. Do you know all of these exfiltration points? If not, make a list. Then consider which monitoring tools you need in order to watch all of these points. If there’s a breach, you want to be able to immediately identify what route the data took to leave your network. By logging these exfiltration points, you’re likely to discover a few that you aren’t monitoring. You may be able to stop breaches before they occur by boosting your security on these points.

7. Know User Reasoning

Are your employees installing or uninstalling certain software? If so, why? If users are in need of additional software or have software they don’t need, consider changing the virtual desktop or machine image so that it includes wanted programs and does not include programs that employees don’t need. Doing so will eliminate any emerging threats that can come from employees trying to add or remove software on their own.

8. Respond to Events Quickly

If your network is under attack, you want to be able to quickly respond and handle the incident. Having a short mean time to resolve, or MTTR, is vital in handling any data breaches. With the right cybersecurity tools, you’ll be able to handle these breaches within hours rather than the days or weeks it might otherwise take. By integrating different user monitoring tools with your cybersecurity software, you’ll be able to quickly find any evidence you need in any instance.

9. Watch Anyone You Believe is High-Risk

Do you have a few users you’ve caught trying to download programs or opening attachments from unknown sources? Make sure they know you’re monitoring their activities. If you do see them doing something malicious, you have proof that HR can use to remove them from the company. If that happens, make sure you remove all of their login credentials as soon as possible. You also need to check that they have not copied company data to their personal devices. You can do this prior to termination.

10. Cut Off Third-Party Access

If you do terminate an employee, make sure to contact any third-party services that the employee worked with just in case that service gave them an account on another system. Do this if an employee leaves voluntarily, too. Even if you trust an employee to never make use of that account again, it leaves an inactive login that hackers could take advantage of.
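The checks from items 4, 5 and 10 can be run together as one periodic access review. The sketch below is an added example, not part of the original article; the roster, the grant list, the resource names and the set of generic logins are all constructed sample data, and a real review would pull them from HR and directory exports.

```python
from datetime import date

# Assumed set of shared/generic login names to flag (item 4).
GENERIC_LOGINS = {"guest", "admin", "test", "shared"}

# Constructed HR roster: login -> employment status.
ROSTER = {"asmith": "active", "bjones": "terminated", "cwu": "active"}

# Constructed access grants: (login, resource, project end date or None).
GRANTS = [
    ("asmith", "finance-share", date(2017, 3, 31)),
    ("asmith", "hr-portal", None),
    ("bjones", "vendor-crm", None),       # third-party account, owner has left
    ("cwu", "build-server", date(2017, 12, 31)),
    ("guest", "wiki", None),
    ("svc-old", "backup", None),          # nobody on the roster owns this
]


def review_access(roster, grants, today):
    """Return (login, resource, reason) for every grant that needs action."""
    findings = []
    for login, resource, project_end in grants:
        if login.lower() in GENERIC_LOGINS:
            reason = "generic login"              # item 4
        elif login not in roster:
            reason = "no owner in HR roster"      # unattributable account
        elif roster[login] != "active":
            reason = "employee departed"          # item 10
        elif project_end is not None and project_end < today:
            reason = "project ended"              # item 5
        else:
            continue                              # grant is still justified
        findings.append((login, resource, reason))
    return findings


if __name__ == "__main__":
    for login, resource, reason in review_access(ROSTER, GRANTS, date(2017, 6, 28)):
        print(f"REVOKE {login:8} on {resource:14} ({reason})")
```

Grants with no end date and an active owner pass this review, so it complements rather than replaces a manager's sign-off on whether the access is still needed.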

11. Control Hardware

Do you have company laptops or tablets that employees can check out? If so, you need to know what they’re doing with that hardware when it’s out of the office. They may install programs or use unsecured networks that allow viruses and malware to infect these computers. Once infected, these devices can bring the virus back to the office.

12. Do Not Make Anyone Exempt

Insider threats can come from any level. No one should be exempt from usage monitoring, training, or any policy. Every employee from the new administrative assistant up through the CEO needs to be held to the same policies.

13. Have Regular Reviews

Threats are always changing. As little as ten years ago, BYOD policies weren’t needed. People weren’t bringing smartphones and tablets to the office every day. Now, they are. Make certain you regularly review the internal risks you face and adjust existing policies or create new policies to address them.

Edited by Alicia Young
