Whether deliberate or accidental, data breaches caused by insiders can cause extensive and potentially irreparable damage to your company.
Many IT professionals agree that insider threats are one of the biggest challenges facing businesses today, and you hear about new incidents on the news all the time. To keep your business safe from these breaches, it’s necessary to take a proactive approach to data management and security.
Common Insider Threats
Improved security starts with a better understanding of the types of threats you could be facing. In most cases, insider threats fall into one of three categories:
- Destruction of data in retaliation for a perceived wrong
- Deliberate manipulation of data for personal gain
- Theft of proprietary information with the intent to distribute or sell it
A fourth threat, employee ignorance, is also a growing problem among companies, although individuals involved in this type of breach lack the malicious intent seen in the other three.
What Do the Numbers Say?
Statistics show that as many as 2,500 internal security breaches occur every day in the United States. Nineteen percent of employees admit to being involved in these breaches, but the actual involvement may be much higher given that 42 percent of IT professionals think that ignorance is to blame for great number of security problems. Some studies have found up to 58 percent of all incidents can be attributed to insider activity.
Part of the problem is the growing “bring your own device” (BYOD) phenomenon. So many businesses have begun to store information in cloud-based services that can be accessed from mobile devices that employees have begun to feel comfortable retrieving company data using their own smartphones and tablets. Unfortunately, these same employees exhibit a lack of understanding when it comes to the potential security risk of these activities.
Around 52 percent don’t see any problem with sharing company login information. As for the rest, only about 31 percent of businesses actually have a BYOD policy in place. The remainder are either trying to keep outside devices from being used or resigning themselves to the fact that employees will do what they want regardless of whether or not there are rules.
How to Deal with Insider Threats
Bumping up data security within your organization can be as simple as putting a few new policies into practice:
• Set clear boundaries for BYOD activities
• Regularly train staff in corporate security measures
• Pay attention to patterns in user activity and data access on the corporate network
• Carefully monitor all work computers for malicious activity using computer monitoring software
Building a positive workplace atmosphere and keeping an eye on employees whose behavior suddenly changes are also important components of a comprehensive security program.
Don’t wait until an angry ex-employee or a poorly trained new hire makes a mess of your company’s data. Be diligent in monitoring network use and access throughout the organization to catch problems in the early stages and prevent the widespread damage that can result from an insider security breach.