Top 10 Tips on How to Avoid Damage From Insider Threats

Insider threats to enterprise IT systems are the top worry for many CISOs. The perfect recipe for insider cyber-crime combines financial stress with easy access to corporate data and a host of online black market outlets ready to turn information into cash. To effectively address cyber-crime like this, enterprises should use an inside-out security approach that monitors events and suspicious behaviors across their entire computing infrastructure. Prioritizing key assets that store information is the key to providing the necessary level of security to prevent, detect and respond to insider cyber-crime. This eWEEK slide show on avoiding damage from insider threats is based on industry information from Isaac Kohen, founder and CEO of Teramind, which monitors employees with an insider-threat prevention platform that detects, records and prevents malicious user behavior.

Identify Sensitive Data You Want to Protect 

Every company has sensitive data, whether it’s financial information, customer lists or other IP. Management must make it clear what data must be protected. A good exercise is to ask, “If X data is compromised, what would be the worst-case scenario?”

Monitor User Activity 

It is important to know what data employees usually access and what their typical behavior pattern in the office looks like. For example, monitoring activities such as file transfers, website visits and cloud uploads can give an employer insight into abnormal behavior when it occurs.

Encrypt Data and Enforce Strict Data Policies 

Organizations should not have weak enforcement of their data policies. For employees to understand the severity of data compromises, data policies need to be updated, enforced and shared within the organization regularly. And, if data does leave the organization, encryption can prevent it from being compromised. 

Train, Educate Employees about Insider Threats 

Most employers educate their employees about malware, viruses and cyber-attacks. However, employees must learn that they can also compromise data by sharing unnecessary information with other employees within the company. They need to know there may be employees with malicious intent, or that other employees can compromise data accidentally.

Develop an Employee Risk-Score System 

Blocking all access isn't efficient for employee productivity. By implementing user behavior monitoring and a risk-score system, employers can identify their highest-risk users. For example, an employer could assign a higher risk score to an employee who isn’t in sales but is constantly accessing customer details. 
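
As an added illustration (not from the slide show or from any vendor's product), the sketch below scores users from monitored access events and raises the score when a department touches data outside its expected role, as in the non-sales employee example above. The policy tables, weights, multiplier and sample events are all assumptions constructed for the example.

```python
from collections import defaultdict

# Assumed policy tables (hypothetical values, not from the slide show).
# Departments expected to touch each data category:
EXPECTED_DEPARTMENTS = {
    "customer_details": {"sales", "support"},
    "financials": {"finance"},
    "source_code": {"engineering"},
}
SENSITIVITY = {"customer_details": 3, "financials": 4, "source_code": 3}
# Activities named in the monitoring tip, with assumed weights.
ACTION_WEIGHT = {"read": 1, "file_transfer": 3, "cloud_upload": 5}
OUT_OF_ROLE_MULTIPLIER = 4  # assumed penalty for access outside the user's role

# Constructed sample events: (user, department, data category, action).
EVENTS = (
    [("alice", "sales", "customer_details", "read")] * 5
    + [("bob", "engineering", "customer_details", "read")] * 5
    + [
        ("bob", "engineering", "customer_details", "cloud_upload"),
        ("carol", "finance", "financials", "file_transfer"),
        ("bob", "engineering", "source_code", "read"),
    ]
)

def risk_scores(events):
    """Sum per-event points for each user; repeated access raises the score."""
    scores = defaultdict(int)
    for user, department, category, action in events:
        # Unknown categories or actions get the highest known weight (fail closed).
        points = SENSITIVITY.get(category, max(SENSITIVITY.values()))
        points *= ACTION_WEIGHT.get(action, max(ACTION_WEIGHT.values()))
        if department not in EXPECTED_DEPARTMENTS.get(category, set()):
            points *= OUT_OF_ROLE_MULTIPLIER
        scores[user] += points
    return dict(scores)

def flagged_users(events, threshold):
    """Return users at or above the threshold, highest score first."""
    ranked = sorted(risk_scores(events).items(), key=lambda kv: (-kv[1], kv[0]))
    return [user for user, score in ranked if score >= threshold]

if __name__ == "__main__":
    for user, score in sorted(risk_scores(EVENTS).items(), key=lambda kv: -kv[1]):
        print(f"{user:6} {score}")
```

With the constructed events, the engineer who repeatedly reads and then uploads customer details scores far above the salesperson who reads the same records in role, so a threshold separates the two without blocking either.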

Double Authentication and Privileged Access Controls

Double authentication can help ensure employees aren't using the credentials of other employees to access data. All critical systems should be managed via privileged access management so the organization can know who changed preferences, rules or access within the system.

Focus on Automated Detection and Prevention 

Simply knowing about an insider threat isn't enough—once the data is out, it's gone. It is critical to catch the action while it is occurring and prevent the data from leaving your organization.

Implement IT Vendor Monitoring Tools 

If an organization uses third-party vendors to manage any of its IT systems, it should implement the same type of monitoring tools for each third-party vendor as well. The ideal tools should allow visibility into any changes and log-ins made into the organization's systems.

Reassess Implemented Policies 

If organizations keep proper data about employee file access, they can go back and see if their implemented insider-threat policies completely protect their sensitive information. Reassessing policies and creating additional rules based on aggregated data are important in a successful long-term insider-threat policy.

Implement Proactive Policies That Make Sense for Your Organization 

Proactive policies are similar to automation; however, it’s important to consider the actual proactive measures. Do you want to lock the user out or do you want to prohibit the action and alert the employee? Organizations must decide how strict they want their proactive policies to be, as each option carries different consequences for the user.
