Securing Your Security: Stopping Inside Jobs Before They Start
If you've ever watched 'Dateline,' '48 Hours' or any of the many other crime shows available today, you're no stranger to the inside job arc. It's essentially an investigation path that leads to all sorts of suspects before returning to the guilty partner. And the acknowledgment that the one closest to the crime committed it.
This phenomenon happens with alarming regularity in the business world, especially when it comes to cyberattacks, as this chart by Statista indicates. Up to 60% of cyberattacks can be attributed to insiders acting maliciously or inadvertently by, for example, falling for phishing emails or social engineering tactics.
How can you protect your business? It takes a combination of strategies and vigilance outlined here.
Vet New Security Employees Thoroughly
You already know it's important to perform background checks on your security employees, but we'd be remiss if we didn't mention it.
The fact is, inside jobs are committed by employees, so vetting them up front, while important, isn't foolproof. That's why we'll spend more time recognizing the signs that might lead to an employee-driven cyberattack and preventing them before they happen.
Minimize Inadvertent Attacks with Training
While inadvertent cybercrimes aren't necessarily malicious, their impact can be just as devastating as a targeted cyberattack.
These occur when employees overlook security procedures, misconfigure servers that expose data, or fall victim to social engineers who trick them into facilitating a crime.
The best way to prevent these is with education at the point of hire and periodically going forward. For most enterprise businesses, this means:
- Security awareness training on network safety, passwords, and multi-factor authentication.
- Ongoing phishing and social engineering training and simulated phishing drills.
- Acceptable Use Policy training and acknowledgment.
Watch Data Activity for Unusual Patterns or Signs
The ebb and flow of your company's data have patterns that are uniquely yours. When this digital fingerprint changes, it's a sign that a cyberattack may be in the works.
Activities such as these carried out by employees should all be considered suspicious:
- Large data file transfers, downloads, or uploads that aren't in line with usual activity.
- File copying, transfers, or uploads to external sources like Google Drive or Dropbox.
- Any file activity or manipulation that occurs outside of traditional business hours.
If you suspect any of these activities are taking place in your organization, work with human resources to assess the next steps. Enlisting an information security awareness firm or consultant is also recommended.
Keep an Eye on Hirings and Firings
Incoming and outgoing employees should be monitored closely. Even highly vetted hires with malicious intentions can slip through the cracks. And those leaving the company, especially under less-than-ideal circumstances, pose a significant potential risk.
Monitor network and system use, ensuring that new hires comply with best practices outlined by your IT specialists.
While it's standard practice to deactivate accounts of terminated employees, periodically review network and email accounts to confirm this has happened. Many disgruntled ex-employees will attempt to log in, hoping their accounts are still accessible.
In addition, alert external partners when employees leave the company so that they can't inadvertently help them access off-limit files and data.
Understand that Any Employee Can Be a Cybersecurity Risk
Don't fall into the trap of believing that only IT employees or those with technical positions can cause a cyberattack. It's just as easy for a warehouse employee to trigger one by plugging an unfamiliar thumb drive they found in the parking lot into a hard drive at work.
Similarly, suppose an offsite worker logs into your company network using unsecured public Wi-Fi. In that case, there's a pretty good chance a bad actor monitoring the channel will harvest the login credentials for later use.
A Security Awareness Culture Cures a Lot
When you consider the scope of your technology, employees, and business, it's easy to get overwhelmed by the prospect of risk. And while no one cure can prevent all inside jobs, accidental or not, a culture that values security awareness can go a long way toward doing so.
Security-aware employees are more likely to watch out for each other—or call each other out when they're putting the business at risk.
They're also less likely to fall for phishing emails or the activities of social engineers and more likely to report suspicious emails and activity.
Your role is to create an environment conducive to good habits and keeping security top of mind for everyone.