3 Steps to Identify & Protect Against Insider Threats
High-profile security breaches at Target, Sony, and now Anthem, among many others, are driving security spending to the top of IT budgets. In 2015, IT leaders plan to invest more money than ever before in identity and access management, intrusion detection and prevention, and virus and malware protection. However, the threats posed to cyber security by your employees, the very people you think you can trust, far outweigh the risks posed by malicious external actors. And reducing the threat of insider acts costs much less.
Many insider attacks or misappropriations of confidential information are preventable by creating awareness of behavioral indicators, along with simple, inexpensive, and easy-to-implement policies and procedures. Managers who are equipped with knowledge and strong, enforceable policies are at the front line of defense against insider threats.
1. Recognize Behavioral Indicators
Potential insider threats frequently come with key behavioral indicators, including employees:
- Who work odd hours without authorization
- Who have a notable enthusiasm for overtime, weekend, or unusual work hours
- Who show an increased interest in matters outside the scope of their duties
- Who exhibit signs of substance abuse, financial difficulties, gambling, or hostile behavior
Develop a methodology by which to monitor the information usage of such employees and encourage your management team to report unusual activities.
2. Strengthen Policies
Spend the time to create or revise basic policies to strengthen your defense against insider threats.
- Create an Acceptable Use Policy that is specific about permitted usage of company assets.
- Make sure this Acceptable Use Policy is acknowledged annually by every employee and consistently enforced.
- Conduct security awareness training annually and require employees to confirm their participation in the training.
Take this seriously. And test the effectiveness by conducting annual social engineering exercises that include phone and/or email “phishing” and “Red team” operations.
3. Fine-tune Onboarding and Termination Procedures
Thorough onboarding and termination procedures make up the last component of effectively mitigating insider threats. Background checks that consider financial as well as criminal information are a must. Incorporate acknowledgement of the Acceptable Use Policy and security awareness training into your onboarding process. And when an employee’s time at your firm comes to an end, voluntarily or not, you must have a process by which all access rights are immediately terminated. Many organizations are taking the additional step of immediately reviewing activity logs of employees who are asked to leave and performing focused monitoring on employees who tender their resignation during the notice period.
These three steps, if executed well, may be just as effective in protecting your company’s information as pricey hardware and software tools.