Not Enough Being Done to Prevent Internal Threats
June 21, 2016Put Automation to Work for You to Monitor User Activity
July 26, 20163 Employee Behaviors Linked To Insider Threats
More often than not, we come across 3 common traits that align with insider threats. Not all traits, or behaviors are the same, but they do originate from the same source, employees. There have been articles on these characteristics for years, but 3 standout more than the others for one reason or another.
3 Behaviors Linked to Insider Threats
- Disgruntled – this behavior occurs when an employee might feel slighted or are leaving the company because they believe they have been wronged and may think they have shared ownership in data acquired over the years and want to take company confidential information to their next place of employment. Or perhaps the employee is disgruntled to the point of wanting to cause damage by destroying a customer list. Regardless of what that reason is, it is at the core an act to willfully do harm to the company and the data.
- Deliberate – this type of behavior happens when an employee understands the company policies, but willingly tries to work around those policies so they can get their work completed in a way that is to their advantage. In a nut shell the employee is deliberately choosing to “break the rules” regardless of the security risks they create by doing it. Maybe there is a policy not to send email attachments to Gmail, but because the employee believes they know better, they decide to do it anyway, not fully considering the risks and vulnerabilities that may occur.
- Accidental – while this is not an intentional act, this behavior occurs when an employee unknowingly violates policies, and subsequently leaks data without even realizing what they did and allowing an external source the ability to access company confidential data.
Each one of these types of employee behaviors present security risks in different ways and all companies should have policies in place to protect against them, but in all reality policies only lay out the understanding of what employee may or may not do, but does little in the way of enforcing these kinds of behaviors which can often leads to data being leaked out the door regardless if it is intentional or not.
The disgruntled employee, more often than not they can be the bigger risk because they likely know exactly where to access data and what the value of that data would be if it got in the hands of a competitor or was deleted. We find on a regular basis that companies usually do not even realize the data has been stolen or that the employee was thinking about it in the first place. This is mostly due to the lack of proper endpoint security tools that protect against internal threats.
For example: InterGuard’s Employee Monitoring module would virtually eliminate threats from this type of behavior. The Employee Monitoring module records every action that is done on the computer (emails, chats, web sites, file tracking, etc.) along with alerts and notifications that warn you when any type of malicious activity occurs. This alone will allow you to obtain evidence if and when someone attempts to access company confidential data. Our data loss prevention module (Datalock) allows you to be able to view and block sensitive data from leaving via email, web forms and removable media as well as data saved on local drives (even remote laptops). When you tether the Employee Monitoring module with Data Loss Prevention, you will have the ability to record and control literally all data that employees can access at the endpoint.
The same also applies to employees that fall in to the “deliberate” behavior. While they may not be trying to intentionally steal or cause harm to company data, they are willfully violating some acceptable use policies in order to achieve a goal which in most cases is because they can complete tasks more efficiently. That said, there is a malicious level of intent that is being committed albeit for less sever reasons, you need to have proper protection in place that goes above and beyond your HR policies. You can use the recordings from the Employee Monitoring module to pinpoint suspect activity that violated the policy and use it as a teaching tool to better educate the employee that thinks it was OK in the first place. And again, coupled with our Data Loss Prevention software, you can create policies at the end point device that prevent any employee from bending the rules with respect to your data security plan.
Behaviors in the accidental category can usually be negated by using web filtering software (yes, we have that too). Not all web filtering software is the same, and in many cases you find the cost to be quite higher than you would expect. For instance, most web filtering appliances only record and block at the local level, but as you likely know, most companies have gone mobile and employees take their computers home with them, or when they travel. Once they leave the secure environment of your local network, they can and do circumvent filtering because they are not passing through your appliance any longer. This is how they could potentially access malicious sites that (by no intention of the employee) install Trojans and back door applications designed for one specific thing, stealing data.
InterGuard’s Web Filtering module does not work that way at all. It was designed from the ground up to record and block by category (its constantly updated), or content on a web page, or white/black listing of URL’s regardless if you are on the local area network, or in a different country. This is because there is no appliance, it works at the endpoint so you no longer need to be chained to a company network to control what employees do on the computer.
Again, while having a solid Acceptable Use Policy is to everyone’s advantage as you can always fall back on them when a violation has occurred, without having endpoint security deployed to your workstations and laptops you are only solving half of the problem with respect to protection against insider threats.
