Amid today’s data-dependent, distributed workforce, and sprawling cloud collaboration technology use, it’s no surprise that insider risk is growing and catching the attention of security teams.
Insider risk — when sensitive corporate data moves to untrusted places like personal devices, email or cloud destinations — is one of the fastest growing threats that businesses have to address today, but it’s also one of the hardest to mitigate. Today, data is highly portable, and users are often off the network, greatly decreasing security teams’ visibility to file movements. Compounding this challenge are modern file-sharing technologies that make it even easier to expose, leak or steal company assets like customer lists, product plans and sensitive intellectual property (IP).
What’s more, with employees increasingly adopting remote work and connecting to at-home networks, many data exposure events occur because users are merely trying to get their work done, but they make mistakes or take shortcuts to work faster than they believe company policies allow. When it comes to mitigating insider risk, it ultimately comes down to security’s weakest link — human beings.
The term “risky insider” was coined to describe a person who has (or had) authorized access to, or knowledge of, an organization’s resources; however, this “risky insider” can take many forms. It could be an employee or contractor sharing company files via a personal email, someone taking sensitive data with them after they leave the organization, or even an employee saving files to a personal cloud storage or drive.
With all this in mind, security leaders should pay special attention to these common occurrences that could characterize an employee as a “risky insider.”
Confusion over data entitlement and ownership
Unfortunately, companies often aren’t clear — or don’t enforce — their data policies. So, when an employee leaves, they may take files and company data with them. In fact, there’s a one in three (37%) chance a company loses IP when an employee quits, and nearly three-quarters of organizations are unaware of how much sensitive data departing employees take with them.
Many employees attempt to take data with them when leaving a company, voluntarily or not. Today, employees feel a much greater sense of ownership over the work product they’ve developed, plans they’ve built and budget forecasting outlines they’ve created — but this can introduce data exposure opportunities when employees leave. For example, if a company found that a software developer who had resigned had also moved millions of dollars worth of source code to their personal cloud drive to bring to their next job, this could significantly impact both companies at hand. Most companies aren’t so lucky to catch a departing employee in the act. To avoid this, companies should incorporate more resources to educate employees on security policies during onboarding, and also reiterate policies during offboarding. Also, using proper technology, such as watchlists, can surface file movements of higher risk users, like employees preparing to depart (once they’ve given their notice).
Using a workaround to make employees’ lives easier
For employees, sometimes security control rules can be inconvenient and a hindrance to productivity. Restrictions on data sharing could be bypassed by saving files to a personal cloud drive or sending to a personal email account — but this leaves files open to compromise. As cloud-based collaboration tools have risen in popularity, personal use of the same tools has become a breeding ground for insider data leaks and theft, contributing to significant risk to businesses.
Using workarounds and personal versions of corporate applications is a type of insider risk that is growing increasingly common and is a challenging cybersecurity blind spot. Many security leaders think the solution to this problem is to block access, but this isn’t feasible for organizations who don’t want to stagnate collaboration and productivity.
Instead, leading with a mindset of “trust, but verify” satisfies both parties. Security teams can assume honest intent, but implement continuous monitoring systems while remaining aware of red-flag behaviors.
Accidental negligence or carelessness
Constant changes in technology and residual uncertainty of how to use the technology securely all but guarantees that employees, thanks to human behavior, will continue to be security risks. This being said, proper and effective training can mitigate some of these concerns.
Employee cybersecurity training should be actionable, hyper-targeted and bite-sized to provide right-sized response lessons for end-users who show accidental or negligent user activity. Every company has their own security culture, but there will always be people who “drift” from that true north. By providing immediate, course-corrective action when that drift does occur, chances are that employees won’t make that same mistake again.
While it’s up to employees to stay cognizant of security practices and patch management, it’s on security teams to adopt and implement a transparent, security-centric culture, provide proper security and awareness training, and monitor for red-flag behaviors like file movement when employees are exiting a company. Especially as more organizations adopt a hybrid or remote model of work, while insider risk is on the rise, now is the time to take steps to secure data in a way that allows employees to continue working — wherever that may be — without disruption.