The following practical recommendations offer companies insight into different methods used to prevent data theft and mitigate data leakage risks:
It is very difficult for companies to find the right balance between trusting employees and safeguarding against them. A company must secure itself against internal attacks just as effectively as it does against external intrusions by following the principles of data risk management:
It’s impossible to avoid risks completely, but risks can be minimized by finding a happy medium between secure company operations and business efficiency.
Companies should foster a culture of teaching employees the basics of data. Employees need to understand what the security policies and procedures are, why they exist, and what security measures are used on the network. Informed employees are the first line of defense against insider threats.
If all employees are sufficiently informed of the principles of security, and responsibilities for vital functions are distributed among employees, then the likelihood of workers colluding to steal valuable information is greatly reduced. When responsibilities and privileges concerning company information are effectively delegated, employees will work only with the documents they need to perform their duties. As many procedures as possible should be automated.
It won’t matter that company employees are loyal and conscientious if account details on the network are compromised: a malicious insider will have everything he needs to steal data without leaving a trace.
Users that work with important data should undergo authentication and authorization procedures when they access data assets. This can include simpler, more old-fashioned methods and more advanced methods — especially the latest anti-insider techniques.
Established departure procedures (i.e., blocking access to information resources) should be carefully followed when an employee leaves the company. This will prevent former employees from copying data from a hard drive, copying documents, or obtaining remote access to the company’s mail server.
Trusting your employees doesn’t mean that you shouldn’t monitor the suspicious or dangerous activities at user workstations that may happen from time to time. For example, if network traffic or the number of requests to the corporate database have increased considerably, or even if the consumption of toner and paper has risen — these are signs that ought to be acknowledged and analyzed, as they may be a sign of an attack or the preparations for an attack involving confidential data.
Companies typically conduct random employee monitoring using tools such as a remote workstation, URL filtration and traffic counters. However, it’s important to remember that even someone in a position of authority could be in cahoots with scammers and steal confidential data at their request. That’s why effective protection against malicious insiders should be managed at a level higher than that of system administrators and other privileged users.
Consider the following recommendations in addition to the simple and practical advice offered above:
It’s especially important to use the latest in data protection technologies: