What Is An Insider Threat and How Can My Business Prevent Them?20th December 2016
The online focus of today’s business world allows companies across the globe to operate more efficiently than ever before, but as we rely more and more on the internet, we have to be aware of the potential for security breaches and the damage they can cause.
Last month, we looked at external threats in the form of malware, but this month we’re examining the danger of insider threats, a form of security risk which many businesses aren’t prepared to face.
What is an insider threat?
Much of the focus of online security is aimed at protecting against the various external threats which exist and are being constantly developed. Insider threats have been an ever-present part of the business world for decades, but many businesses fail to defend against them or identify them at all.
An insider threat is potential harm to a business which comes from inside the organisation itself. This can be from current employees, contractors, business associates, former employees or anyone who has insider access to your data/information. Insider threats can include theft and fraud as well as data loss, exposure of private information and sabotage to the computer infrastructure of the business.
The most famous recent example of an insider threat would be Edward Snowden, who disclosed a mass of information to the public, taken from private NSA servers. Snowden was a CIA employee and United States Government contractor, and leaked the information without authorisation, exposing a wide network of classified surveillance programmes in operation throughout the US.
Insider threats can have huge consequences, even for smaller businesses. Loss of data from servers, or malicious software left by an employee to disrupt or break computer systems, can bring the operation of any company to a quick halt. Client information can be leaked out and exposed, becoming vulnerable to a wider selection of external threats, and this can harm the reputation and legitimacy of a company beyond repair. Insider threats are dangerous, and often completely unexpected, so it’s important to take steps to prevent them as best you can.
Preventing insider threats
While you can never fully eliminate the potential for insider threats, there are effective measures you can take to help prevent them from causing you harm. Many companies don’t employ the specific measures required to combat against insider threats, however most measures aren’t that complicated.
System administrators can curate access throughout a business, providing different employees with different levels of access relevant to their positions and responsibilities. This can greatly reduce the possibility of insider theft, fraud or exposure of private information. The more employees with open access to your data logs or information network, the greater risk you run of insider threats – and the harder it is to identify and rectify these threats.
A sturdy internal security plan should be enforced as early as possible. Separate tiers of access should be given for contractors than full-time employees, for instance. Employees whose role and responsibilities require greater levels of access should be put into the appropriate tier, so they can access what it necessary for them to perform their job. Having a consistent structure like this throughout your company will limit the opportunities for insider threats, and will make it easier to trace and identify the cause of any threat that does come to pass.
Implement post-employment measures
Insider threats can just as easily come from former employees as they can from current ones. Every business will face departures, some will be amicable, others won’t, but the post-employment process is a vital aspect of fighting insider threats.
Many companies fail to revoke login credentials for ex employees, leaving them free to access company databases weeks, months or even years after they have left the company. Someone could use this maliciously over an extended period of time to steal classified information, distribute or sell client data, or even leave malicious code or software in an online system which could cripple the company.
Your business should implement a thorough post-employment process. The departing employee’s login information and company credentials should be removed from the system immediately after leaving. This will prevent unauthorised access to data from people who, without others realising, still hold ‘legitimate’ means of accessing private data.
Disgruntled employees who leave on bad terms can be a particular threat, so it helps to treat every employee well and with respect, and not encourage a poisonous or unhealthy working atmosphere which may forge malicious intent in the future.
Sometimes an insider threat is influenced by an external source. Employees can be tricked or coerced into providing access for others, without meaning to bring harm or damage to the company. Educating employees about online security, and the importance of discretion when it comes to accessing private information, can bolster individual defence against outside trickery. If an employee is approached with a request – perhaps by someone claiming to be a security official – they should take measures to be certain that the request is coming from a legitimate source. Identifying threats like these before any harm can be caused will inform and enhance security in the future, so regular education should be a focus for any company.
Indos Computer Services provide friendly, jargon–free computer services support for small and medium sized businesses throughout Watford, St Albans and Hemel Hempstead. We can offer expert advice to help inform protection against all internal threats, helping you to design and employ an effective security system to keep your company strong online. For more information, don’t hesitate to get in touch with us today.