Cyber-attacks – such as phishing, malware and ransomware attacks – are constantly on the radar of IT professionals looking to keep their systems secure from external threats. But in many industries, insider threats are actually the chief contributor to data loss.
More often than not, this comes in the form of employees who are moving jobs and want to take your customer data with them so that they can hit the ground running. In addition, former employees who haven’t had their system access revoked could also pose a potential risk to your business. Even if you don’t really have a problem like this within your business and 100% trust your employees, the following is still best practice.
So what can you do to stay protected? Well, you’ll be delighted to know that there is now a wide range of measures you can put in place which go way beyond simply blocking access to Dropbox. Here we take a look at 8 options available to you which will help protect your company from insider threats:
1. Site Blocking
As alluded to above, a good place to start is to remove user access to file sharing websites such as Dropbox, Sharefile etc. But don’t just stop there. Make sure you have alerts on your system that flag up when a user sends a large attachment via Gmail, Hotmail etc. Many other sites – which you might not have considered – can also be used as a backdoor method of data extraction. For example, users can use the messaging functions within social media sites as a way of sending attachments outside of your business. So you should monitor these sites closely as well.
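An added example (not part of the original article) of the upload alert described above, run over web proxy log lines. The log layout, the host watch-list and the 5 MB threshold are assumptions chosen for illustration.

```python
# Assumed watch-list: parent domain -> category named in the text
WATCHED = {
    "dropbox.com": "file sharing",
    "sharefile.com": "file sharing",
    "mail.google.com": "webmail",
    "outlook.live.com": "webmail",
    "facebook.com": "social media",
}
UPLOAD_METHODS = {"POST", "PUT"}
THRESHOLD_BYTES = 5 * 1024 * 1024  # assumed alert threshold (5 MB)

# Constructed sample lines: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice POST mail.google.com 18734211
2024-03-04T09:15:44 bob GET www.dropbox.com 512
2024-03-04T10:02:10 bob POST intranet.example.com 9000000
2024-03-04T11:30:05 carol PUT content.dropbox.com 7340032
2024-03-04T11:31:00 carol POST www.facebook.com 2048
malformed line
"""

def category_for(host):
    """Return the watched category for host or any of its subdomains."""
    host = host.lower().rstrip(".")
    for domain, category in WATCHED.items():
        # Match on a label boundary so "evil-dropbox.com" is not a hit.
        if host == domain or host.endswith("." + domain):
            return category
    return None

def find_large_uploads(log_text, threshold=THRESHOLD_BYTES):
    """Return (timestamp, user, host, category, bytes) for each large upload."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not match the assumed layout
        ts, user, method, host, sent = parts
        category = category_for(host)
        if method in UPLOAD_METHODS and category and int(sent) >= threshold:
            alerts.append((ts, user, host, category, int(sent)))
    return alerts

if __name__ == "__main__":
    for alert in find_large_uploads(SAMPLE_LOG):
        print("ALERT", *alert)
```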
2. Restrict USB Access
If users find that they can’t send data out via the web, they will next try to extract data via USB. Policies controlling the ability to use USB devices are now a must for all businesses.
3. Screenshots
The next step you should take is to prevent users from taking screenshots with Print Screen, as they may use this as a method of taking sensitive data outside of your company. Screenshots are commonly used because people believe monitoring systems are mainly looking for files such as spreadsheets. If you’re implementing a policy to block screenshots, make sure you remove access to the Snipping Tool, as this essentially does the same thing as Print Screen.
4. Clipboard Limitations
Another method of insider threat protection is to restrict the extent to which users can use copy and paste in order to prevent them from making copies of key data. If your users can access certain data on their own devices, this represents a possible data extraction point. One way to completely shut this avenue down is to use a hosted desktop which has copy and paste restricted. Then, whatever device an employee uses, their entry point is a hosted desktop which will always have clipboard restrictions in place.
5. Key Logging Software
Key logging software is often sneakily installed by malicious hackers in order to find out passwords and gain access to your systems. However, similar software to that used by hackers can actually be put in place to guard against insider threats. Keyloggers can be used to monitor users’ behaviour and also for alerting purposes. If certain words or phrases are typed, you can set the keylogger to tip you off. Often simply informing users that this software is installed is preventative enough: when they know they are being monitored, they are unlikely to risk attempting something that would draw unwanted attention.
6. Printing Restrictions
Some people prefer the old-fashioned method of stealing data and will print out customer data rather than extract it via email or USB. To prevent this, you can either implement a printing policy which restricts who can print from certain applications or, alternatively, you can monitor activity. For example: is someone printing a lot more than they usually do? Are they printing a lot of Excel files or images? Are they doing this first thing in the morning when no one else is in? All this data can highlight suspicious behaviour which you can then act upon.
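An added example (not from the original article) that applies the three printing checks above to print-server records and escalates only users who trip at least two of them. The record layout, thresholds, working hours and user names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values
WATCHED_EXT = (".xlsx", ".xls", ".csv", ".png", ".jpg")
WORK_START_HOUR = 8   # jobs before this hour count as early-morning
VOLUME_FACTOR = 3     # flag a day at 3x the user's usual daily pages

# Constructed history: usual pages printed per day, per user
BASELINE_PAGES_PER_DAY = {"alice": 12, "bob": 20}

# Constructed print-server records: (timestamp, user, document, pages)
JOBS = [
    ("2024-03-04 06:41", "alice", "customers_q1.xlsx", 40),
    ("2024-03-04 06:44", "alice", "customers_q2.xlsx", 35),
    ("2024-03-04 10:15", "bob", "meeting_agenda.docx", 4),
    ("2024-03-04 14:02", "bob", "floorplan.png", 2),
]

def review_print_jobs(jobs, baseline):
    """Return {user: sorted reasons} for every user with at least one signal."""
    reasons = defaultdict(set)
    pages_per_day = defaultdict(int)
    for ts, user, doc, pages in jobs:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        pages_per_day[(user, when.date())] += pages
        if when.hour < WORK_START_HOUR:
            reasons[user].add("early-morning job")
        if doc.lower().endswith(WATCHED_EXT):
            reasons[user].add("spreadsheet or image")
    for (user, _day), total in pages_per_day.items():
        usual = baseline.get(user)
        if usual is None:
            # No history means no norm to compare against; surface that.
            reasons[user].add("no baseline")
        elif total >= VOLUME_FACTOR * usual:
            reasons[user].add("volume above norm")
    return {user: sorted(found) for user, found in reasons.items()}

def escalate(findings, minimum=2):
    """Users with several independent signals; one alone is usually noise."""
    return sorted(u for u, found in findings.items() if len(found) >= minimum)

if __name__ == "__main__":
    print(escalate(review_print_jobs(JOBS, BASELINE_PAGES_PER_DAY)))
```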
7. Activity Flags
Tracking how a user interacts with your data and certain applications is another great way of staying on top of insider threats. Are they accessing certain client accounts more often than they normally do? Are they accessing clients that they don’t have anything to do with? Suspicious activity like this should be flagged up to your IT department so they can keep an eye on that user. Again, like key logging, simply letting users know that you have this ability will put the majority off trying anything in the first place. It might seem a bit like Big Brother but the impact of data loss can be massive for business continuity so it’s an important step to implement.
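An added example (not from the original article) of the two activity flags above: access to a client the user is not assigned to, and access to an assigned client well above that user's own weekly average. The event layout, assignment table, names and the 3x factor are assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed assignment table: who looks after which client accounts
ASSIGNED = {"alice": {"acme", "globex"}, "bob": {"initech"}}

def events_on(day, user, client, n):
    """Helper for building constructed sample data: n accesses on one day."""
    return [(date.fromisoformat(day), user, client)] * n

# Constructed access events: (date, user, client)
EVENTS = (
    events_on("2024-02-19", "alice", "globex", 4)
    + events_on("2024-02-26", "alice", "globex", 6)
    + events_on("2024-03-04", "alice", "globex", 18)
    + events_on("2024-02-26", "bob", "initech", 5)
    + events_on("2024-03-04", "bob", "initech", 6)
    + events_on("2024-03-05", "bob", "acme", 2)
)

def flag_week(events, assigned, week, factor=3):
    """Flag (user, client) pairs for the ISO week given as (year, week_no)."""
    weekly = defaultdict(Counter)  # (user, client) -> {iso week: count}
    for day, user, client in events:
        iso = day.isocalendar()
        weekly[(user, client)][(iso[0], iso[1])] += 1
    flags = []
    for (user, client), per_week in sorted(weekly.items()):
        now = per_week.get(week, 0)
        if now == 0:
            continue
        if client not in assigned.get(user, set()):
            flags.append((user, client, "not assigned", now))
            continue
        past = [n for w, n in per_week.items() if w < week]
        # Compare with the user's own earlier weekly average for this client.
        if past and now >= factor * (sum(past) / len(past)):
            flags.append((user, client, "above usual", now))
    return flags

if __name__ == "__main__":
    for flag in flag_week(EVENTS, ASSIGNED, (2024, 10)):
        print("FLAG", *flag)
```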
8. Mobile Device Management
If a user has access to work emails or business applications such as Office 365 from their mobile, tablet etc. then you should implement a Mobile Device Management (MDM) policy. Such a policy gives you the ability to remotely wipe their device in the event that a) they leave; b) you suspect them of posing an insider threat or c) their device is lost or stolen.