Insider IT threats continue to plague enterprises. An Egress survey found that 94% of organizations experienced an insider data breach last year. Sometimes insider IT security breaches are intentional and malicious, but other times they are accidental. All it takes is one employee to make a simple mistake or to be unaware of security best practices for them to become an unintentional threat. However, intentional or not, the consequences to an organization are often similarly deleterious. This article will break down examples of insider risks that could pose a threat to organizational data and provide best practices for mitigation, with a focus on an under-the-radar honeypot for would-be insider threats: printing and scanning.
Unintentional security breaches are often the result of simple negligence, inattention or lack of education. Administrator and operator errors are easy, common mistakes to make — and printing, scanning, fax and copying processes are no exception. For example, an employee could accidentally share an email with the incorrect person, giving the recipient access to potentially sensitive data in the process. Or, if a device is not secured, an employee could click on a link sent by a bad actor, putting the entire organization at risk of malware and other types of attacks. Another negligent potential data breach includes leaving a document in a printer or scanning tray. This poses a threat because it opens the door for anyone walking by to remove the document from the device and access the information.
Access to private data can be controlled by physically securing your copy, scan or fax devices and implementing user permissions. For instance, pull printing, which is essentially a two-step verification process, can greatly reduce the threat of data loss. With pull printing capabilities, the print job remains unprinted on the device until the user authenticates their identity at the machine, ensuring that they are right there when their document prints and are able to pick it up immediately. This authentication can be done with NFC-enabled printers using ID cards, physically or through a mobile app. An employee can simply hold their ID badge near a reader and the machine can be pre-programmed to print or scan documents into a records system before sharing them.
While including features like user access controls and pull printing help avert unintentional security breaches, one of the best ways to counter accidental data breaches caused by uninformed employees is to ensure that they’re informed. According to a study conducted by the Ponemon Institute, employees remain a top security risk for organizations. This problem is only intensified as more employees continue to work remotely. To avoid these types of breaches, companies must invest in employee education. This could take any number of forms, from something as simple as regular reminders to bigger investments like training and accreditation.
As mentioned above, in a time where many workers are likely to work remotely or in some sort of a hybrid arrangement where working on documents outside of a centralized location is the norm, there is an associated risk of exposure to unauthorized access or dissemination. Home devices do not meet the necessary security capabilities from both a technology and process standpoint. Print and scan devices with Wi-Fi connectivity and hard drives have become hubs for document workflow management and can expose organizations to unnecessary risk.
In addition to permissioned access, Knowledge Management (KM) automation can ensure redaction for sensitive data, which can help lower the risk of a data breach if documents are lost or stolen. Analytics and activity tracking done through automation allows an enterprise to pick out anomalies. If something does happen, it becomes an easier job to pinpoint what happened, who it was and where it occurred. Furthermore, KM also allows for a thorough audit of data access.
An under-the-radar risk for would-be insider threats within the office is data from past print jobs remaining on the printer’s hard drive. To prevent this type of physical data breach, companies should ensure that their printer hard drives have the proper security measures in place or are erased after the machine is no longer in use. Alternatively, organizations can choose devices without hard drives to eliminate the risk altogether.
Whether intentional or not, enterprises must protect themselves from breaches with appropriate security measures. The above are just a few examples of risks that employees or others can perpetrate with access to a company’s physical and cyber infrastructure. This list is by no means exhaustive, so enterprises must continue to be vigilant and stay up-to-date on IT security best practices to protect themselves from data loss. Good cyber hygiene is a must for every organization, inside and out.