Protect Your Organisation From Employee Data Theft

Uploaded on 2019-10-25 in NEWS-News Analysis, FREE TO VIEW

Too few organisations pay attention to the risk that their own emplyees present to data secuirity and those that do struggle to undestand how to address the challenge. 

According to the current Verizon Data Breach Investigation Report, the percent of data breaches caused by insiders rose to 34 34% in 2018 from 28% in 2017. With just over one-third of all data breaches caused by insiders, the threat is just too serious to ignore.

Not all employees will take company data, but chances are high that if organisations don’t put proper precautions in place, employees will put valuable dat at risk, either intentionally or accidentally. Having a sound understanding of the threats oraganisations face, how they have evolved and which tactics are most likely to be utilised can prepare them to manage these risks more effectively. 

If companies are going to protect themselves from data loss, they must face two uncomfortable truths:

  • It’s likely that any given company is suffering a data loss or theft from departing employees at this very moment. As many as 72% of departing employees admit to taking company data and 70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.  
  • Traditional data loss prevention tactics do not work. Why don’t traditional tactics work? One reason is they rely on employees to classify data, which has never worked. Furthermore, when an employee does run afoul of the company’s policies, the reaction is to block their access to data. That response fundamentally contradicts the collaborative, sharing environments of today’s workplace. Exceptions must then be granted, which leaves the company open to risk of data loss.

For example, although McAfee is considered a leader in data loss prevention the company recently filed a lawsuit against three ex-employees accused of stealing trade secrets and allegedly taking them to a McAfee competitor. In this era where data can be moved with a click, it’s essential that all organisations implement a data loss protection strategy that provides simple, fast detection and response capabilities so that organizations can protect themselves from common data loss by insiders.

Organisations must have this ability to mitigate the risks of costly lawsuits or losing valuable intellectual property to competitors. The core of this effort will be the creation of an enterprise-wide insider data theft policy, which includes employee education. 

Customer lists, engineering designs, research findings and analysis and other data belongs to the company, not the worker. Companies must educate their employees about this and making this clear requires a formal, detailed, written policy on what data employees can take home or with them when they leave and what data must remain.

This policy should be part of new-hire onboarding, security awareness training and employee off-boarding.

Next, make sure to develop indicators of insider data compromise. These indicators will differ from organisation to organisation. The policy should include looking for signs of unusual activity such as an increase in data being transferred, accessing files outside of business hours, or attempts to rename intellectual property something innocuous, such as family photos or music.  

While broad rules are important, it’s just as important to establish rules that focus on file types that are likely to have intellectual property enclosed. This can be CAD renderings for an architectural firm, while for a pharmaceutical company it can be years of drug research. Whatever it is for your business, make sure you can monitor the activity of these files. 

Finally,it’s a misconception that departing employees will steal data after they give notice or in the few days leading up to their last day. In fact, the thefts often occur much sooner, some as early as the day they start to look for a new employer.

Many organisations don’t start monitoring employee use of data until after a staffer has given their notice or has been placed on some type of probationary period. This just isn’t good enough.

It’s best to evaluate their actions going back months before they have given notice.In fact, enterprises should create a process for every time an employee is leaving employment, whether voluntary or not.

This is a process the human resources department should initiate. Most companies have an employee onboarding process, but few have similar processes for departing employees. This needs to change. The departing employee workflow should include not only things like the deprovisioning of access, but also an analysis of their data access activity. If suspicious file movement is detected, it should be referred to HR and/or legal to decide how to respond. 

Putting in place a handful of known best practices can greatly mitigate the danger of the trusted insider. and here are some best practices to prevent breaches:  

Keep it clean. 
Many breaches are a result of poor security hygiene and a lack of attention to detail. Clean up human error where possible, then establish an asset and security baseline around Internet-facing assets like web servers and cloud services. 

Maintain integrity. 
Web application compromises now include code that can capture data entered into web forms. Consider adding le integrity monitoring on payment sites, in addition to patching operating systems and coding payment applications. 

Redouble your efforts. 
2FA everything. Use strong authentication on customer- facing applications, any remote access and cloud-based email. There are examples of 2FA vulnerabilities, but they don’t excuse lack of implementation. 

Be wary of inside jobs. 
Track insider behavior by monitoring and logging access to sensitive data. Make it clear to staff just how good you are at recognising fraudulent transactions. 

Scrub packets. 
Distributed denial of service (DDoS) protection is an essential control for many industries. Guard against non-malicious interruptions with continuous monitoring and capacity planning for traffic spikes. 

Stay socially aware. 
Social attacks are effective ways to capture credentials. Monitor email for links and executables. Give your teams ways to report potential phishing or pretexting. 

While many organisations make the mistake of focusing on the headlines that highlight sophisticated external attackers, they overlook the real risk created by their trusted insiders. Certainly, there’s no foolproof strategy to solve the insider threat problem.

Verizon:             Infosecurity Magazine:      

Top 5 Rules For Laying Out An Employee Cybersecurity Policy:

 

« The Cyberthreat Handbook
False Flag: Russian Hackers Hijack An Iranian Group »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

SecurePay

SecurePay

SecurePay is Australia's premier payment gateway, with a range of secure online payment solutions for online retailers, SMEs and enterprise businesses.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Tokio Marine HCC

Tokio Marine HCC

Tokio Marine HCC is a leading specialty insurance group with a Financial and Professional product line including Tech and Cyber.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity is a cybersecurity and advisory firm. We specialize in penetration testing, threat hunting, incident response, regulatory compliance, and employee training services.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Valeo Nertworks

Valeo Nertworks

Valeo Nertworks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.