November 13, 2019

4 Insider Threats and How to Protect Your Company Against Them

Businesses worry a lot about external digital threats, such as hackers. It's a reasonable worry with even major financial companies suffering data breaches from hacking.

Unfortunately, insider threats often pose more danger to your business than any hacker. Your employees already have access to your digital assets, hard copies, and sensitive conversations. 

So, what are some common insider threats and how can you defend against them?

1. Poor Security Awareness

Any employee who doesn't work in security will often ignore basic security practices. For example, they'll stay logged on to their workstation when they visit the restroom or go get a bottle of water. Others will use poor password security, such as writing it down on a piece of paper.

Even security practices such as two-factor authentication designed to overcome poor password security often fail because of poor personal device security. 

Regular security meetings can help keep these practices at the top of their minds. You can also use digital measures such as multi-factor authentication software

2. Technology Errors

Many problems stem from unintentional or inadvertent technology errors.

For example, the new IT guy gets saddled with configuring a cloud server at the last second. His unfamiliarity with the company's protocols leads him to configure the server wrong. This leaves your company open in some way for a data breach. 

Employees may also put files on non-secure devices or in non-secure folders on a server. That's not a crisis if it's the company newsletter. It's a big crisis if it's your company's trade secrets. 

Training can help your employees avoid storing files in the wrong way. You should also conduct configuration reviews to help spot flaws on your servers

3. Conscious Disregard for Security

A small but serious type of insider threat is the employee who disregards security protocols to make life easier. These employees don't intend anything malicious. They just want to avoid the hassle of going through all the security steps day-after-day. 

In many cases, the best solution for this type of behavior is a draconian policy. For example, you can automatically fire any employee found circumventing security protocols.

4. Disgruntled Employees

A disgruntled employee represents one of the most serious potential insider threats. Unlike other threats, these employees look for ways they can damage their employer.

Companies should employ strict access-control policies with departing employees. At the least, you should strongly limit their access to sensitive data. File access monitoring software can alert you if an employee digs into areas they never looked before.

Parting Thoughts on Insider Threats

Insider threats often create serious risks for businesses. You can limit many of these threats through training, but some call for more active measures. 

Behavior monitoring software can help spot employees acting in strange ways on the network. You can also use continuous identity monitoring software to help identify hackers using employee credentials. If necessary, institute harsh consequences for anyone found violating your internal security protocols.  

Acceptto specializes in cybersecurity with a focus on continuous identity authentication. For more information about services, contact Acceptto today

insider threats