If you search online for an image of a cyberthreat actor, you will probably see a hooded person using a computer in a dark room. In reality, a cyberthreat actor may be an insider: one of your employees, ex-employees, suppliers, business partners, or other people within your organisation who have legitimate access to your data and IT systems. In fact, Verizon’s 2021 Data Breach Investigations Report found that insiders are responsible for about 22% of security incidents, some of which occurred by accident and others with malicious intent.
Malicious insiders are those who set out to steal, destroy, or sabotage company data and IT systems for reasons like revenge, coercion, espionage, or sale of intellectual property. The good news is that you can implement the following best practices to minimize the risk of malicious insiders:
Thoroughly vet all employees and other IT network users
Before you grant anybody access to your company data and IT resources, you should conduct a thorough background check on them first. For example, your pre-employment requirements should include asking for one or more official IDs (e.g., Australian passport or driver’s license) to verify their identity. Potential hires must also submit their police record checks, character references, and previous places of employment. You could even hire a background investigations company to check on these applicants.
Provide unique user accounts
Make sure that everyone who has access to your IT systems has their own individual user account. By doing so, you will be able to quickly identify and block users who are involved in suspicious activities.
Restrict user access
Deploy role-based access controls in which users have access only to the data and IT resources they need to do their job. For example, accounting staff members should not have access to the HR department’s employee salary information or the R&D team’s research data.
When an employee changes roles, their system access and rights must also be changed accordingly.
Employees with IT administrator roles must have separate user accounts for their administrative and non-administrative activities to limit the use of IT admin accounts. It is important to protect IT admin accounts because they have special privileges, such as:
- Making changes to the system’s configuration
- Managing users in the system
- Installing or deleting programs
Such privileges make IT admin accounts attractive to malicious insiders looking to wreak havoc in your organization.
Deactivate access
When an employee leaves the company, your IT staff must immediately disable that employee’s account access and rights. They should also change any shared passwords that the employee knows, such as:
- Office Wi-Fi
- Company social media accounts
- Bank accounts
- Email accounts
- Other online accounts
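The account rules above (one account per person, access matched to the current role, separate admin accounts, and prompt deactivation for leavers) can be checked with a periodic review of a directory export against the HR roster. The following is an added example, not part of the original article; the roster, role map, account records, and finding names are all constructed assumptions.

```python
from datetime import date

# All data below is constructed for illustration; names and grants are hypothetical.
ADMIN_PRIVS = {"system_config", "user_management", "software_install"}
ROLE_GRANTS = {  # what each role may hold across all of a person's accounts
    "accounting": {"ledger"},
    "hr": {"salary_records"},
    "it_admin": {"helpdesk"} | ADMIN_PRIVS,
}
ROSTER = {  # person -> (current role, leaving date or None)
    "alice": ("accounting", None),
    "bob": ("hr", date(2024, 3, 1)),
    "carol": ("it_admin", None),
    "dave": ("hr", None),  # moved from accounting to HR
}
ACCOUNTS = [  # constructed directory export
    {"user": "alice", "owners": ["alice"], "enabled": True, "grants": {"ledger"}},
    {"user": "bob", "owners": ["bob"], "enabled": True, "grants": {"salary_records"}},
    {"user": "carol", "owners": ["carol"], "enabled": True, "grants": {"helpdesk", "system_config"}},
    {"user": "dave", "owners": ["dave"], "enabled": True, "grants": {"ledger", "salary_records"}},
    {"user": "frontdesk", "owners": ["alice", "dave"], "enabled": True, "grants": set()},
]

def review_accounts(accounts, roster, role_grants, today):
    """Return sorted (account, finding) pairs for enabled accounts that break a rule."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        name, owners, grants = acct["user"], acct["owners"], acct["grants"]
        if len(owners) != 1:  # activity cannot be attributed to one person
            findings.append((name, "SHARED_ACCOUNT"))
            continue
        role, left_on = roster.get(owners[0], (None, None))
        if role is None:  # owner is not on the HR roster at all
            findings.append((name, "NO_ROSTER_ENTRY"))
            continue
        if left_on is not None and left_on <= today:
            findings.append((name, "LEAVER_STILL_ENABLED"))
            continue
        excess = grants - role_grants.get(role, set())
        if excess:  # access left over from an old role, or never justified
            findings.append((name, "EXCESS_ACCESS:" + ",".join(sorted(excess))))
        if grants & ADMIN_PRIVS and grants - ADMIN_PRIVS:  # admin and daily work mixed
            findings.append((name, "ADMIN_NOT_SEPARATED"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in review_accounts(ACCOUNTS, ROSTER, ROLE_GRANTS, date(2024, 6, 1)):
        print(f"{account}: {finding}")
```

Shared passwords such as office Wi-Fi or social media logins do not appear in a directory export, so rotating them after a departure still needs its own checklist.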
Implement multiple security measures
It’s best to take a multi-layered approach to cybersecurity, which involves the use of various protection solutions, such as:
- Anti-malware program – scans, identifies, blocks, and removes malicious software that insiders might bring into your computers and network, especially if they use their own devices for work
- Intrusion detection system – monitors network traffic for suspicious activities
- Intrusion prevention system – prevents or blocks intrusions as they are detected
- Security information and event management software – collects relevant data from multiple sources in the network, identifies unusual activity, takes appropriate action, and reports security-related events like failed logins and alerts
- Data encryption software – makes plain-text information indecipherable to anyone who does not have the corresponding decryption key
Aside from deploying security technologies, you must also have proper physical security controls in place. For example, you should keep server rooms or closets always locked and accessible only to authorized personnel. You should also monitor all critical facilities in your office using surveillance cameras with motion sensors and night vision. Otherwise, an insider can easily steal hard drives, reset security equipment to default factory settings, or make other system reconfigurations to wreak havoc.
Establish IT security policies
Create, document, communicate, and enforce policies related to the use of your company’s IT resources like:
- Data protection policy – sets rules and guidelines on securing company data
- User account management policy – governs the management of user accounts, and their respective access privileges and user authentication measures
- User monitoring policy – discloses the proactive review of end user activity
Make sure to also establish the penalties and actions that will be taken in the event of a policy violation.
Let Austin Technology handle your IT security needs. With our help, your company data and IT systems will remain protected from both insider and outsider threats. Consult with our IT experts today.