Top 10 Tips on How to Avoid Damage From Insider Threats
Insider threats to enterprise IT systems are the top worry for many CISOs. The perfect recipe for insider cyber-crime combines financial stress with easy access to corporate data and a host of online black market outlets ready to turn information into cash. To effectively address cyber-crime like this, enterprises should use an inside-out security approach that monitors events and suspicious behaviors across their entire computing infrastructure. Prioritizing key assets that store information is the key to providing the necessary level of security to prevent, detect and respond to insider cyber-crime. This eWEEK slide show on avoiding damage from insider threats is based on industry information from Isaac Kohen, founder and CEO of Teramind, which monitors employees with an insider-threat prevention platform that detects, records and prevents malicious user behavior.
Identify Sensitive Data You Want to Protect
Monitor User Activity
Encrypt Data and Enforce Strict Data Policies
Organizations should not enforce their data policies weakly. For employees to understand the severity of data compromises, data policies need to be updated, enforced and shared within the organization regularly. And if data does leave the organization, encryption can prevent it from being compromised.
Train, Educate Employees about Insider Threats
Most employers educate their employees about malware, viruses and cyber-attacks. However, employees must also learn that they can compromise data by sharing unnecessary information with other employees within the company. They need to know there may be employees with malicious intent, or that other employees can compromise data accidentally.
Develop an Employee Risk-Score System
Blocking all access isn’t efficient for employee productivity. By implementing user behavior monitoring and a risk-score system, employers can identify their highest-risk users. For example, an employer could assign a higher risk score to an employee who isn’t in sales but is constantly accessing customer details.
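A minimal sketch of such a risk score, added here as an illustration and not taken from the article or from any vendor's product: it scores each user by how much of their sensitivity-weighted access falls outside what their department is expected to touch. The department table, sensitivity weights, scoring formula and access log are all constructed assumptions.

```python
from collections import defaultdict

# Assumed policy tables (hypothetical, not from the article): the data
# categories each department is expected to touch, and a sensitivity weight.
EXPECTED = {
    "sales": {"customer_details", "pricing"},
    "engineering": {"source_code", "build_logs"},
    "finance": {"payroll", "pricing"},
}
SENSITIVITY = {"customer_details": 5, "payroll": 5, "source_code": 4,
               "pricing": 2, "build_logs": 1}

# Constructed sample access log: (user, department, data category).
EVENTS = (
    [("alice", "sales", "customer_details")] * 40
    + [("bob", "engineering", "source_code")] * 30
    + [("bob", "engineering", "customer_details")] * 2
    + [("carol", "engineering", "customer_details")] * 25
    + [("carol", "engineering", "build_logs")] * 5
    + [("dave", "finance", "payroll")] * 10
)

def risk_scores(events):
    """Return {user: score in 0..100} based on out-of-role access."""
    total = defaultdict(int)        # sensitivity-weighted accesses per user
    out_of_role = defaultdict(int)  # the part outside the department's role
    for user, dept, category in events:
        weight = SENSITIVITY.get(category, 3)  # unknown category: mid weight
        total[user] += weight
        if category not in EXPECTED.get(dept, set()):
            out_of_role[user] += weight
    scores = {}
    for user in total:
        share = out_of_role[user] / total[user]    # fraction that is off-role
        volume = min(out_of_role[user] / 50, 1.0)  # saturating volume term
        scores[user] = round(100 * share * volume)
    return scores

def highest_risk(events, threshold=50):
    """Users at or above the threshold, highest score first."""
    scores = risk_scores(events)
    return sorted((u for u, s in scores.items() if s >= threshold),
                  key=lambda u: -scores[u])

if __name__ == "__main__":
    for user, score in sorted(risk_scores(EVENTS).items(), key=lambda kv: -kv[1]):
        print(f"{user:6} {score}")
```

Multiplying share by volume keeps a single stray lookup (bob) near zero while a sustained pattern of out-of-role access (carol) rises to the top of the list.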
Double Authentication and Privileged Access Controls
Focus on Automated Detection and Prevention
Implement IT Vendor Monitoring Tools
Reassess Implemented Policies
If organizations keep proper data about employee file access, they can go back and see if their implemented insider-threat policies completely protect their sensitive information. Reassessing policies and creating additional rules based on aggregated data are important in a successful long-term insider-threat policy.
Implement Proactive Policies That Make Sense for Your Organization
Proactive policies are similar to automation; however, it's important to consider the actual proactive measures. Do you want to lock the user out, or do you want to prohibit the action and alert the employee? Organizations must decide how strict they want their proactive policies to be, as each option has different consequences for the user.