Insider Threat Management in 2020 – What’s Your Plan?
Many organizations know how to manage hackers or malware, but not as many have a plan for dealing with an attack that comes from within company walls (or firewalls). Whether malicious or accidental, insider attacks can leave organizations feeling vulnerable and eager to prevent future incidents. If you read our recent blog on 2019 insider threat stats, then you saw the potential damage that insider attacks can have on a company’s operations, brand and bottom line.
While costly and disruptive to repair many insider attacks can be prevented with an adequate plan. As we wrap up 2019, we can assess existing insider threat protocol and put together a 2020 plan to increase security, ensure employee training and prevent attacks. In the following sections, we’ve broken down some areas that should be on your 2020 insider threat program checklist.
Analyze Employee and Workplace Behavior
There’s no one-size-fits-all plan to prevent insider attacks and a company’s program needs to be designed to match their unique vulnerabilities and risks. The first step is to evaluate the workplace and create a list of positions that pose the greatest risk. Certain roles might immediately come to mind due to their involvement with important data—like accountants, IT directors or executive leadership. But don’t skip over customer service members, developers, contractors or third-party vendors who might also pose a risk to data due to their lack of training or ability to build their own backdoor access.
Once you’ve built this list of at-risk roles, start surveying the employees to better understand what activities they carry out in their position that may put your data at risk and how their attitude— disgruntled, negligent, etc—may be a red flag. Even well-meaning employees can cause data incidents due to accidental misuse of USB drives, cloud networks or email. Plan for periodic check-ins in 2020 to monitor employee behavior and respond quickly with corrective training.
Take workplace analysis beyond daily activities by gauging your employee’s level of security awareness. Do team members know how to securely share confidential data? How do they respond to phishing emails? Answers to these questions will provide insight into what’s currently happening in your workplace and what policies need to be included in your 2020 plan.
Take Inventory of Data and Information Access
A critical aspect of insider threat prevention is just knowing who has access to data. Using your list of at-risk roles, start mapping out what information and data your employees touch. Consider company financial data, customer information, credit card details, big announcements, etc. Think about what each role uses in their daily activities and what data they’re regularly asked to share.
The sharing is where problems typically arrive because employees could inadvertently upload data to public clouds, send unprotected links via Slack or email sensitive information. Although well-meaning, these data-sharing activities are risky. For example, a third-party sales vendor might want easy access to a list of previous customers and their order information, so they upload customer info to Google Drive only to later realize that what they uploaded included credit card information and was added to a public folder. Prevent these kinds of incidents in 2020, by using your data-access map to limit any data access that isn’t crucial to an employee’s position.
Establish Internet and Computer Usage Policies
Just leaving a laptop open and unlocked for a quick lunch break could pose a security risk for your data. But if a company hasn’t trained an employee on the safe use of workplace assets, how were they supposed to know any better? Organizations need internet and computer usage policies to provide guidelines for employees about proper use and to make them aware of their risky behavior.
Your organization’s 2020 internet usage policy could include the requirement for employees to access company resources over a virtual private network to prevent spyware. Website blocking software might also be part of your internet usage plan to ensure that no valuable data is accidentally shared.
Computer policy might include requiring employees to use multifactor authentication to log in to computers and to set the authentication to time out after a period of inactivity. You might also install software on employee computers to auto-update antivirus software or to make USB ports inactive. Or perhaps your 2020 computer policy will restrict employees from bringing company computers home or using them on public Wifi networks.
Whatever you include in your 2020 internet and computer usage policies, make sure to have an equally robust training schedule and enforcement plan. Round up your whole team and provide background as to why insider threats are a risk and then go through your policies from top to bottom. And keep in mind that one training session might not be enough, so schedule periodic policy checkups to ensure that you’re all on the same page when it comes to insider threat prevention.
Implement New Insider Threat Detection Tools
Due to the rapid pace of changing technology, your existing arsenal of insider threat detection tools might not be adequate. In planning for 2020, build in some flexibility for implementing software that’s different than what you currently use. For example, Data Loss Prevention (DLP) software has been the go-to for insider threat management, but it could be ready for replacement. With the growing popularity of remote work, the appearance of cloud-based platforms, and bring-your-own-device programs, DLPs are no longer sustainable solutions due to their inability to provide user behavior insight.
Thinking beyond DLPs and standard malware, your 2020 insider threat plan needs to include software that provides more data on user behavior and activity. For example, you could install USB tracking software to alert you to any employee migrating data to these removable devices. Or real-time screen monitoring software could provide the context needed to determine if an employee is inappropriately accessing data. And email and chat monitoring tools can scan employee communications to flag any sensitive phrases.
Be Prepared yet Adaptable to Prevent Insider Attacks in 2020
As the risk of insider threats increases with new technologies and ever-changing work environments, prevention and detection are critical for company security. Analyzing your organization’s current security protocols, workplace behavior and existing software solutions will help you detect vulnerabilities and risks. In developing your 2020 insider threat plan, take a thorough look at how your company operates and build in flexibility such that your plan can adapt and change.
More comprehensive than a DLP or other standard solution, ActivTrak’s insider threat management software includes USB tracking, risk level reports, activity alarms and other tools to ensure your company has the data needed to prevent insider attacks.