(To be attributed to Mr. Neelesh Kripalani, Sr. VP & Head- Center of Excellence – Clover Infotech)
Insider threats are one of the top ten threats faced by organizations today. Before we delve further into this, let’s understand what an “insider” threat is. An insider threat is caused by a current employee, former employee, business associate or any other person within an organization who has or had authorized access to the organization’s network, systems, or data and therefore could harm the business. The general perception is that insider threats come from rogue employees with malicious intent; however, most organizations fail to realize that not all insider threats are intentional. Some employees may pose an insider threat through ignorance or negligence.
Insider threats are different in the work-from-home era
A substantial number of insider threats can be attributed to negligence, and this is on the rise due to COVID-19, as most organizations have switched to a “Work From Home” (WFH) mode of functioning without adequate security preparation. This sudden and massive shift has exposed loopholes in organizations’ security systems. According to recently published survey results by IBM Security, “53% of employees are using their personal laptops and computers for business operations while they work from home, however 61% have also conveyed that their employer hasn’t provided tools to properly secure those devices.” (Note: the survey was conducted in the US among adults who are newly working from home due to COVID-19.) In addition, employees working from home face several challenges and distractions, which can easily lead to mistakes like sending an email with sensitive company information to the wrong ID or clicking on a link received via email from an unknown source.
Why does it matter so much?
It matters because such threats cost the organization both money and reputation. Moreover, the longer it takes to discover an insider attack, the costlier it will be to fix and the higher the losses will be. Thus, it is imperative to take the necessary preventive measures to protect against them. Dealing with insider threats requires a different strategy from regular cybersecurity measures because their inherent nature is different. The IT security team needs to carefully manage these extremely sensitive insider threats during this crisis, as many employees have several concerns and need support as well as protection from their organizations.
Here are 6 best practices for insider threat protection and prevention during COVID-19:
1. Arrange periodic cybersecurity trainings for employees
There are several ways to prevent an insider threat, but the most critical one is implementing training initiatives for employees to ensure a better understanding of remote workplace security policies. Engage with your employees periodically to grow awareness regarding cybersecurity. Train employees to identify security issues and use incentives to encourage them to report those issues. A consistent, clear message on the organization’s security policies can help reduce the chance of accidental insider threats to a great extent.
2. Integrate relevant cybersecurity tools
There are several tools that can help organizations deal with insider threats. Tools such as Data Loss Prevention (DLP), Security Information and Event Management (SIEM), User Activity Monitoring (UAM), Privileged Access Management (PAM), etc. help to detect and deal with insider threat incidents to a great extent.
3. Perform organization-wide risk assessment
The IT security team must identify the critical assets and assess them for vulnerabilities. Accordingly, the security infrastructure needs to be strengthened to cover the identified risks and vulnerabilities on priority.
4. Make use of data masking and encryption
Sensitive data exchanged between employees can be encrypted so that it is useless to bad actors even if it is unintentionally leaked to them or they somehow gain access to it.
5. Enforce strict exit policies
As soon as an employee leaves the company, access to their individual accounts should be blocked immediately and the passwords of shared accounts must be updated, to prevent them from accessing any sensitive information after their exit. Organizations must also ensure that all the concerned third parties know of the employee’s exit so that they can also de-authorize access to any sensitive system or information.
6. Don’t rule out physical security
In addition to cybersecurity, organizations must also focus on physical security, such as physical document security, sensitive document storage, etc. For example, one of the predictable scenarios of remote working is the need for employees to carry sensitive information in physical document form to their homes. Organizations must come up with strong policies for the protection or destruction of sensitive company information once employees complete the task for which they carried these physical documents.
We need to accept that one cannot completely eliminate insider threats, but they can be prevented with some of the measures mentioned above. However, in the absence of an insider threat protection plan, an organization can only react to an attack instead of preventing it.