How to Protect Company Data in Use from Potential Employee Threats
Data breaches are one of the biggest threats to businesses, and they increasingly originate with insiders. In a recent poll of UK workers, about 52% admitted to accessing data they shouldn’t have. While this is often done innocuously, it still points to a bigger issue. Data in use, i.e. data that’s actively being transmitted, is the data most likely to be at risk when employees access files they shouldn’t. Because of this, employees who don’t follow protocols could cause a major data breach.
Proper data control is necessary to prevent unauthorized access. By limiting who can review the data in the first place and by regularly assessing risk, you can avoid much of the risk that your company’s confidential information will be leaked. When you’re trying to find where those threats originate, your best bet is often to focus your attention within your own ranks.
What We Can Learn From The Sage Group Data Breach In 2016
In 2016, Sage Group, a Financial Times Stock Exchange 100 company, reported a breach of customer information that compromised the confidential data of around 300 companies. The news of the data breach caused the company’s stock to drop as well, which isn’t uncommon. Data breaches cause people to lose faith in a company and that makes them less likely to invest.
Sage Group recovered by quickly investigating and locating the guilty party. The guilty party wasn’t an elite hacker or even someone with technical skills. It was simply a woman who’d used an internal login to access the data.
This is the problem with data breaches. Companies frequently focus their efforts on preventing outside threats to their data when, in reality, their own employees can sometimes be an unwitting risk to data security. Some of the reasons employees can pose larger threats include:
- Insiders don’t need tech skills – In the Sage case, the individual involved didn’t use any high-level hacking or programming skills. They simply signed in, took what they wanted, and signed out.
- They’re more likely to access data in unsafe places – If an employee is signing in to review confidential information that they shouldn’t, it’s probable they’re not doing it from the cubicle where their actions might be more easily discovered. Instead, they’re going to do it from the airport or the corner coffee shop. This is where the data-in-use threat comes in, because as soon as the data is being transmitted, the risk is no longer limited to the employee. Instead, the data is accessible to anyone with enough knowledge to use the data stream to gain access to that information.
- The reward is bigger than the risk – Criminal hackers must determine if the risk of being caught breaching the data is greater than the reward. If it’s possible they’ll be caught, the financial reward for that attack has to be significant. Employees aren’t going to think the same way. If they access data they shouldn’t and repeatedly get away with it, they’re not going to see any risk at all. If they are caught and simply receive a slap on the wrist, again, they’re not going to fear repercussions.
Employees don’t need advanced skills to cause a data breach. All they need is a login and a lax password management process. Despite that, employers continue to focus on preparing for outside data risk when inside risk is much greater.
Preparing for Insider Threats in Data Management
Through simply using a login, the employee of Sage Group risked the data of 300 companies and caused stock to drop by almost 5%. However, Sage was able to recover quickly by having policies in place that minimized the risk. Here are a few ways you can prevent insider risk for your company’s data:
- Have a zero-trust policy – While it’s nice to be able to trust employees, you shouldn’t do that with data. Ensure that all programs with sensitive data are password protected and that there’s no way to cross-access data. In addition, make it so that outside hardware can’t be used on company computers and that company computers cannot connect to unapproved networks.
- Monitor and analyze systems regularly – Don’t depend on password management to ensure that systems aren’t being accessed for illicit purposes. Monitor and review all activity on a regular basis, even the activity that comes from authorized users. You can also use a technology like Remote Risk Assessment (RRA) to spot-check compliance with password management in your business.
- Follow through on breaches – You need a policy that states clearly what will happen if employees are caught accessing data they shouldn’t. In the Sage case, the company immediately followed through with police involvement and agreed to cooperate in the investigation. While this doesn’t fix the past data breach, it shows all Sage employees that the company takes data breaches seriously, reducing the risk of future breaches.
The key here is to monitor your employees’ use of the system. Most security technologies are designed to monitor for outside threats. Once someone has the credentials they need to sign in, that technology stops being useful. Employees are now and will always be your biggest risk in a data breach. Focusing your attention inside can help to minimize that risk.
Clearspeed offers tools for managing risk in your organization to protect you from insider threats. Even when employees work from remote locations, you can conduct a full risk assessment in under ten minutes, with highly accurate results. For more information on RRA, contact us.