Most businesses that really lean on their IT go to great lengths and expense to keep those systems secure. Sometimes, however, all those firewalls and antivirus software don’t stop threats that come in from your staff. Today, we are going to go through the three different types of human error that your staff can undertake, and how to deal with each.
The most benign of the insider threats, the accidental mistake typically happens when data is in transit. Circumstances often lead to situations that are less than ideal. Typically, these types of mistakes are made when an employee isn’t properly trained. If you have security policies in place, but an employee hasn’t been made privy to them, or at the very least they aren’t given the knowledge on how to stay compliant of them, there is a disconnect that can often lead to problems.
Unfortunately, most insider threats are of this nature. These are threats that are brought on directly from user error because of a lack of diligence. When data is lost in a database, when malware is downloaded on the network, or when mobile hardware is lost, your company is dealing with user negligence. Most negligence is not premeditated, but due to its avoidable nature, it is looked on much less favorably as compared to accidental mistakes.
When an insider acts in a way that is intentionally malicious towards an organization. This can come in several forms. A user that has access to company computing resources can deliberately steal data, inject malware, and bypass security policies enacted by the IT administrator. Then there is the mole, who is a person that is actually an outsider, but is provided access to company computing resources, and uses his/her position to pass information onto competitors, steals it with the intention of selling it off, or using it nefariously later.
How to Spot Insider Threats
The nature of the beast here makes spotting insider threats difficult, but there are some indicators that can help you identify if you have a bad actor in your midst.
- Type of activity for users – If a user has access to certain resources, but their job doesn’t typically require them to use those resources, especially ones that are filled with sensitive information, you wouldn’t be misguided to further monitor that employee’s behavior on your computing network.
- The volume of traffic – If you can’t account for a sudden uptick in network traffic, you may want to investigate.
- Times of activity – If you see spikes in traffic at strange times, you’ll need to ascertain why.
How to Protect Against Insider Threats
You can take some pretty straightforward steps to combat any insider threats. They include:
- Increase visibility – You will want to put systems in place to keep track of employee actions. You can do this best by correlating information from multiple sources.
- Enforce policies – Having your policies documented and easily accessible will avoid any misunderstanding of your business’ expectations on how employees interact with its technology resources.
- Comprehensive training – IT isn’t everyone’s cup of tea. To avoid accidental mistakes and to help reduce negligence, consider putting together strong training initiatives. They will go a long way toward helping staff understand what is expected and what is possible.
- Access control – Of course, if you set up permissions for every part of your business, you can effectively set who can see what, making sabotage and negligence less likely to hurt your business.
If you would like help identifying how to protect your business’ network and data from threats, even the ones that come from inside your business, call the IT professionals at DS Tech today at (906) 786-0057.