The loss of intellectual property, patient or client data, or other business critical data has a huge economic and reputational impact. With only 11% of businesses reporting that they feel they’re safe, insider threat is a key cyber-security threat that needs to be addressed.
On the surface, it seems like business leaders may need to start mistrusting all employees at all levels within their organisations. If this assumption is the basis for implementing an insider threat programme, then it's likely that the uncomfortable topic of addressing this issue will go unaddressed and businesses will remain at risk.
In our experience, it’s not necessary to take this view. Instead, the issue should be thought of more as an exercise in employee education, security best practice, and the creation of a security-aware culture.
The majority of data breaches or losses are caused by accidents. An accidental data breach can be caused by an ordinary user not following policies or training, for example by not using encryption on thumb drives, or by a privileged user not properly configuring a server or other resource, so that data is exposed to leakage or people without permission can view sensitive data.
And then there's shadow IT. The rise of Dropbox and other services that provide 'shadow' operational capabilities is the bane of many an IT director, who has to play a constant game of whack-a-mole in order to identify and stop users from using these services.
By viewing this problem from the perspective of who or what may pose an insider threat, it's possible to implement the policies, processes and technologies needed to train staff properly and to put in place the controls and auditing systems that will identify both the accidental and the malicious insider.
A number of options are available to businesses, and they typically involve a blend of policies, processes and technologies. As with all cyber security programmes, they must start at the board level as each department needs board sponsorship to help implement the blend of policies, processes and technologies required.
For example, policies and training are important to help stop the accidental insider breach. The use of data controls is important to ensure that people are stopped from accessing areas of information they shouldn't have access to, but these need to be supported by the proper use of auditing technologies to ensure that both policies and controls are working as expected.
Boards must also understand that security is not just a problem for IT to solve. For example, proper leaver processes need to be implemented, and departures need to be communicated to IT.
By putting all of these pieces of the jigsaw in place you will be able to easily detect and correct accidental behaviour before it leads to a significant problem for your business. You will also have the added benefit of identifying and stopping rogue employees intent on stealing data in the rare, but highly damaging, event that there is one in your organisation.
Nobody wants to believe that the people you’ve hired, worked with, and earned hard-won business victories with might steal from you. Yet, accidents do happen.
By implementing some fundamental best practices and a security-aware culture you will help improve the education of your workforce and catch the highly damaging cases of insiders trying to steal your valuable business information.
Jamie Graves is the chief executive officer of ZoneFox, a software company based in Edinburgh’s Code Base, that specialises in endpoint threat visibility.