Data is simultaneously the lifeblood and the crown jewels of any successful business
This also makes proprietary data, intellectual property, and personally identifiable information primary targets for cybercriminals. As organisations strive to collaborate and streamline productivity, they need to embrace tools and processes that enable them to protect data and prevent unauthorised access.
Data is Under Siege
While most people think of external threats like malware when they think of data loss, they are not the only threat. The threat from an organisation’s own employees is often bigger than the threat from external cybercriminals. In fact, half of business decision-makers believe that employees are the single biggest threat to their company’s intellectual property—and for good reason.
Code42 surveyed more than 1,600 information security professionals and business decision makers for our 2019 Data Exposure Report, and found that 63% overall admitted to taking data from their previous employer to their next company. That helps explain why two-thirds of organisations have been victims of a data breach caused by an insider threat in the last 18 months, despite having data loss prevention solutions in place.
Follow Best Practices to Address Insider Threat
There is nothing you can do to make your network invulnerable or protect your data from every possible breach. However, following established best practices and having the right tools in place can get you pretty close. Here are some steps every organisation should take to protect data and minimise insider threats:
Define Policies
You can’t expect employees to follow guidelines that don’t exist or that they’re not aware of. Define, share and regularly reinforce your protocols around data use and ownership to deter internal risks. Automate acknowledgement of those protocols to ensure that everyone is aware of and acknowledges them.
Clearly Notify Users
Our 2019 Data Exposure Report found that 72% of IT security leaders agree: “It’s not just corporate data, it’s my work – and my ideas.” Preemptively address this misunderstanding by displaying a standard login banner reminding users they’re accessing a private computing facility and that the work they create belongs to the organisation.
Effective User Training
Hold regular training sessions to reinforce the right types of behaviour. For example, educate users about the proper process for gaining permission to take certain authorised data with them when they leave the company, and stress that taking data without following the established process is theft.
Monitor for Anomalous File Activity
Employees need access to sensitive data to get their jobs done—but you need to be able to detect, investigate and respond when unusual file activity occurs. Implement tools and technology to detect (rather than block) anomalous file movements, and flag when employees abuse their data sharing privileges and the trust that has been placed in them.
Detect Data Exfiltration
Employees are most likely to exfiltrate critical company data when they quit, so ensure you collect the data they access or download in the same way you would any other asset. Most of that data departing employees steal is taken in the 30 days prior to the employee giving notice.
Keep Data Safe from Insider Threats
Companies need to be able to trust their employees. It’s the ideas and hard work of employees that build companies and make them successful. That’s why organisations should create data security programmes that allow employees to work collaboratively across platforms and locations but that also verifies that those employees are handling data properly. Training, education and transparency are all critical parts of a successful data loss protection programme, as is a tool that detects, investigates and responds to cases where employees put data at risk.
About the Author
Richard Agnew is VP EMEA at Code42. Code42 is the leader in data loss protection, visibility and recovery solutions. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, satisfies regulatory compliance requirements and speeds incident response — all without lengthy deployments, complex policy management or blocks on user collaboration.
Featured image: ©desdemona72
