5 Steps to Deterring Insider Data Theft



The insider threat is something that every company must deal with, but effectively mitigating the risk of insider data theft can be difficult. Follow these 5 steps to drastically reduce the chances of insider theft at your company.


5 Steps to Deterring Insider Data Theft

With all of the press about cyber-attacks from China, hackers in cabals in Eastern Europe, and the prevalence of phishing attacks, it’s easy to lose sight of the fact that insiders remain a significant threat to your corporate crown jewels. The Experian 2015 Second Annual Data Breach Forecast predicts that employee mistakes will be a top threat to companies in 2015, and one that will fly under most companies' radars to boot. As they point out, insider data loss can either be malicious, with a disgruntled employee taking or selling sensitive corporate data, or inadvertent, through human error.

The least expensive means to deal with insider data loss is not to have it in the first place. While it’s impossible to avoid all insider data loss, here are 5 tips for deterring insiders from taking or losing data:

1. Establish an Acceptable Use Policy

Be clear about what is acceptable use of the company’s data and information and what is not. Be clear that the organization reserves the right to monitor all activity, whether personal or private, on company-provided equipment and on corporate networks. The SANS institute offers a sample Acceptable Use Policy that is available without copyright restrictions.

2. Train employees on the Acceptable Use Policy

Educate employees on the Acceptable Use Policy during the onboarding process, and require that they sign a statement saying they have received the policy. Provide ongoing training for all employees on the policy. The Acceptable Use Policy is the police car with a radar detector: it causes employees to slow down and consider their actions.

3. Remove temptation

Ensure that sensitive corporate information is protected appropriately with passwords or multi-factor authentication, and, for the most sensitive information, encryption. Operate on the principle on least privilege, in which employees have access to applications and data only as required by their position. Conduct regular reviews to ensure that employees least privilege is being appropriately maintained and terminate accounts that are not required for employee duties.

4. Provide a means for employees to conveniently report suspicious activities

Employees who maliciously steal corporate information often change their behavior. They complain more, are less cooperative, and are generally disgruntled. They may start taking proprietary material home, show interest in matters outside the scope of their responsibilities, or access the computer network while on vacation, on sick leave, or at odd hours of the night. Training employees to spot this behavior and giving them a means to report these changes in behavior or other suspicious activities is helpful in identifying employees who are a risk for stealing data.

5. Be especially vigilant when an employee leaves the company

Even if the parting is amicable – and often it is not – employees leaving the company may be tempted to take information with them to their next employer. When an employee leaves the company, immediately terminate all employee accounts. Remove employees from all access lists, and ensure they return all access tokens and any other means of access to secure accounts. Remind departing employees of their legal responsibilities for data confidentiality and provide them with a copy of any employee-signed confidentiality agreement.

Harriet Cohen

Dan Geer on How to Mitigate the Risk of Insider Threats

Dan Geer explains how to apply the reference monitor concept to mitigate the risks presented by insiders.

Get the whitepaper

Related Articles
Former Healthcare Exec Sentenced for Sabotaging COVID-19 Supply Deliveries

The ex-VP conducted an intrusion into his former employer’s package shipping system and delayed PPE essential to healthcare workers.

Friday Five: 4/5 Edition

Employee theft at SMBs, fighting stalkerware, and a "hacker-proof" new cryptographic library - catch up on the week's infosec news with this roundup!

Friday Five 12/2

$31M in digital coin stolen, an insider extortion attack, and a new cybersecurity resource for healthcare workers - catch up on the infosec news of the week with the Friday Five!

Harriet Cohen

Harriet Cohen is a senior product manager at Digital Guardian where she works in the Office of the CTO to turn innovative ideas for enhanced threat protection into product reality. Harriet has over ten years of experience in the security arena, encompassing both data protection and identity and access management.

Please post your comments here