As cybersecurity continues to be at the top of mind for organizations, most of the conversation has surrounded keeping information safe from external threats and hackers, with little attention given to internal security threats. What about the unhappy employee, the ex-employee who was recently sacked, an employee who has an axe to grind, or even an employee who simply stumbled upon sensitive information and decided to capitalize on it? All of these internal sources have approved access to data, passcodes, keys and so on that can pose as security vulnerabilities to your organization.
In fact, according to the
2016/17 Kroll Annual Global Fraud and Risk Report1, 60% of respondents who worked for companies that suffered from fraud identified a combination of perpetrators that included current employees, former employees, and third parties. Furthermore, an overall 44% of respondents reported that insiders were the primary perpetrators of a cyber incident, with former employees the most frequent source of risk (20%), 14% citing freelance or temporary employees, and 10% citing permanent employees.
Threats that come from within are difficult to defend against, because a one-size-fits-all solution and traditional security products like firewalls, VPNs and SSL do not work in this case. With access to the company network and the ability to fly under the radar, the disgruntled employee can use inside knowledge to share a virus, share or sell documents with rivals, or misuse company and personnel data for other benefits. While internal threats are difficult to defend against, there are several actions you can take to try be as protected as possible. Below are several tips on practicing safe internal security.
- Implement File Level Encryption: Add an extra level of security to your sensitive data. As with web apps, all of your files should be encrypted in addition to any current security and encryption that you deploy. Full data encryption solutions encrypt the entire hard drive from the operating system to all applications and data stored on it. As information is read from the disk, it is decrypted and any information written to the disk is encrypted in turn. Without the encryption key, the data stored on the disk remains inaccessible.
- Disable Key Stores: Encryption should be dynamic. In other words, your Key Store should be dismantled and the encryption keys, IVs and Salts, should be created by the application based on different criteria at that moment in time. This means that each piece of data, each network message, or each file is encrypted to a unique key, so it doesn’t leave your data exposed on your key store and accessible to unauthorized employees.
- Define Levels of Access: Each employee in the company is important, but some have more need to access sensitive data than others. One security measure that could add protection to sensitive data is for IT to define the level of access that employee has and to assure that access levels are maintained whether employees are working behind or beyond the corporate firewall depending on their role.
- Remove Access Rights: When a member of your staff moves, whether it is externally all together from the company or even just a different department from within, the first measure that must be taken is changing the access rights of that employee. IT should be immediately notified to revoke all computer, network, and data access the employee who is moving on has and should be documented for legal purposes.
- Less is more: When you are dealing with sensitive information, it is a good rule of thumb to limit the amount of people who have access to it. Having fewer people with access to your most sensitive documents helps protect it from being misused.
