How To Train Your Team To Avoid The Most Common Insider Threats

10/2/2020



 

As we reported in our last blog, the global average cost of a data breach is $3.86 million. Lost revenue, operational disruption, legal fees, and reputational costs are just some of the consequences of a serious breach. The underlying causes of data breaches, however, are a lot closer to home than you may realize.

 

According to a recent report, human error accounts for 23% of data breaches, while 19% are caused by stolen or compromised credentials. 

 

It’s crucial to educate your team on the most common causes of data breaches and how to avoid them. In this blog, we’ll outline the main types of insider threats and how to mitigate them.

 

Types of insider threat
 

By definition, an insider threat is a security risk posed by a member of staff, a partner, or a vendor: someone you know. Lack of training and communication around security policies increases the risk of insider threats, which can come in many forms and vary in risk level.

 

Human error

Human error is the cause of most internal breaches: staff are simply not aware that a certain activity poses a risk. Examples of human error include accidentally introducing malware through a device or phishing email, having a weak or shared password, or accidentally sharing sensitive information with someone outside the organization. Having a clearly communicated security policy is the best way to combat this.

 

Physical loss

This type of data breach is caused by the physical loss or theft of documents that contain sensitive information, for example, patient files, a list of customer credit card numbers, or a spreadsheet of contact details. Keeping a paperless or cloud-based database prevents this type of breach. Data masking can also be employed to ensure that any personally identifiable information (PII) is de-identified before a member of staff can print anything out.  

 

Malicious

With malicious insider threats, the breach is intentional. A malicious insider could intentionally introduce malware, steal valuable intellectual property, or disclose trade secrets to a competitor. Think of a member of staff who left the company on bad terms. Having staff members sign a non-disclosure agreement is one method of discouraging malicious disclosure of information.

 

Disclosure

When the disclosure is unintentional, a team member might have unknowingly shared information with a third-party vendor with weak security. In this case, data masking would be the surest way of ensuring any data that leaves the business is thoroughly de-identified and cannot be used to identify your customers. 

 

Portable

In this case, the breach is caused by a lost or stolen device, like a hard drive, storage device, laptop or mobile phone. Having a solid security policy for business devices ensures that no sensitive data would be stored on a portable device in the first place, at least not without being masked first. Access to files and servers should also be protected by multi-factor authentication including secure passwords. 

 

Stationary

A stationary breach is caused by unauthorized access to a stationary computer, laptop, or server. Unauthorized access can be prevented by having a biometrics system installed, as well as multi-factor authentication, which makes it impossible for someone without the necessary credentials to access a corporate device.

 

Malware

Malware is a type of malicious software that opens up access for a hacker to exploit your system. Often someone would not be aware that they have downloaded or introduced malware until it is too late. Using standardized enterprise-grade antivirus software and having a clear device policy should stop malware attacks in their tracks.

 

How at risk are remote teams?
 

According to research by the Ponemon Institute, remote work resulting from the COVID-19 pandemic was expected to increase data breach costs and incident response times. Outside of an organization and its servers, an employee might be tempted to download files onto their computer, use their work-issued laptop for non-work activity, or not have the protective software in place to prevent a malicious attack.  

 

Any security policy that covers workplace devices has to have adequate protocols in place for remote teams, including guidance for accessing servers, sharing information, using public Wi-Fi (this should be discouraged), and protecting sensitive data.

 

Stop the gaps before a leak occurs
 

Communicating your security policy ensures that all company stakeholders are aware of the risks at all times, and are required to take the necessary precautions to prevent data breaches from taking place. These precautions should be rolled out across the organization without exception, and include onboarding and training to ensure their effectiveness. 

 

Trusted precautionary methods include: 

- Using a VPN, not public Wi-Fi

- Two-factor or multi-factor authentication

- Non-disclosure, corporate device, and security policies

- A strong password policy

- Antivirus protection for all staff

- Having an up-to-date compliance record

   

Implementing data masking at the production level ensures any data that is copied, shared, and distributed is thoroughly protected from unauthorized persons. Data masking can also be implemented across devices, effectively protecting any stored information outside of your main premises. 

 

HushHush data masking components are developer-friendly and integrate easily with your existing IT infrastructure. Request a free demo now to see how it can work in your organization. 

