Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

How to Identify and Prevent Insider Data Breaches

April 20, 2017

A little known fact about corporate identity theft is that a large percentage of data breaches originate inside the organization’s walls. A recent report by Intel estimates that 43% of data breaches are the result of insider threats. Half of the insider breaches came from employee negligence and half came from malicious actions.

The first step to prevent insider data breaches is to recognize how prevalent they are. An ounce of prevention is worth a pound of cure. Like most thieves, cyber criminals prey on the easy targets. In a survey of threat experts conducted by the Ponemon Insitute, 69% of respondents agreed that “most hackers quit the attack when the targeted organization presents a strong defense.”

So, what can you do make sure that your organization is not an easy target for cyber criminals? The Federal Bureau of Investigation (FBI), arguably the best counterintelligence organization in the world, gives good advice for detecting and preventing insider data theft in their publication, The Insider Threat. Below you will find a summary of the FBI’s advice to prevent insider cyber threats.

Organizational Factors

It’s critical to an organization’s cyber safety to have policies in place that limit access to your valuable intellectual property and proprietary data.

To assess your readiness, ask yourself the following questions:

  • Do you have protocols in place that limit access to sensitive data and intellectual property to only those that need access?
  • Do you label proprietary information and do employees understand the consequences of not protecting it properly?
  • Do you have controls in place that alert you when someone leaves your facility or network with proprietary information?
  • Have you trained your employees on how to safeguard proprietary information?
  • Do you have strong password protocols and/or do you use two-step authentication for authorized personnel to access sensitive data?
  • Are employees under time pressure that may cause them to shortcut your security protocols?
  • Have you communicated to employees that you take security seriously and that there are strong consequences for security breaches.

Note that both the actual security measures and the communication of your commitment to security are both important.

Behavioral Indicators

It’s important to be aware of certain behavioral patterns so that you are alert in the case of a potential insider data breach.

Here are some behaviors to watch for:

  • Are unauthorized employees seeking to access data that is outside the scope of their work responsibilities?
  • Are employees taking sensitive data home by means of thumb drive, computer disks, email or documents? If so, is the information related to their job duties?
  • Are employees unnecessarily copying documents or computer files?
  • Does the employee remotely access your network while on vacation, sick leave or other strange times?
  • Does the employee routinely work late hours and/or weekends when secure information can more easily be accessed?
  • Is the employee overwhelmed by career setbacks or life disappointments?

Keep in mind that these behaviors don’t necessarily indicate that an employee is stealing proprietary data. However, they are behaviors that should alert you to a potential data breach – at a minimum, they will likely require proper security procedures to be reviewed with the employee in question.

These are some of the steps that you can take to make your data a hard target for cyber criminals and cause them to seek an easier target. Would you like to see how Dark Web ID can help you protect sensitive data? Schedule a free demo with us.