You know how dangerous a break-in to your database could be to your bottom line, so you’re always looking to protect yourself from outside attacks. That strategy could backfire.
You may think none of your staffers have it in them to hijack your data or sabotage your operations.
But consider this: Research on malicious insiders by Symantec found 50% of employees admitted to taking confidential data when they left a job.
At risk from insiders
In other words, insiders stealing data is a much more common problem than many companies realize.
However, there are steps you can take now to prevent data theft and damage from malicious insiders down the road, according to Dawn Cappelli, VP of information risk management, and Susan Schmitt, VP of HR, from Rockwell Automation.
Creating effective programs
At the 2016 RSA Conference, the pair outlined steps from their own company that others can use to prevent data theft and sabotage.
There are five steps companies should take to create effective insider threat programs beyond just implementing auditing tools:
1. Form an insider threat team
Insider threat teams should draw on different departments, including HR, Legal, IT and management.
This can help IT pros implement safeguards that address warning signs of potential malicious insiders, and also factor in other considerations.
Monitoring users without context from other departments might turn up false positives, such as activity that looks malicious but is done for legitimate business purposes.
2. Collaborate with HR
One of the most important steps for an effective insider threat program is collaborating with HR.
Research Cappelli helped conduct shows that 50% of insiders steal data and intellectual property within 30 days of leaving a company.
So IT’s best bet for preventing insider damage is to have HR inform techs in advance when users are leaving the company.
That way, IT can look out for suspicious activity and get a jump on auditing computers for missing data.
3. Train managers to share red flags
Malicious insiders planning to conduct sabotage often show warning signs, like antisocial behavior, fighting with co-workers or showing frustration about changes, says Schmitt.
Managers should be trained to watch for warning signs of disgruntled users and share the info with HR and IT, especially if the users have access to important data.
4. Create an anti-theft document
Your legal team can assist insider threat programs by helping to create an anti-theft document for users to sign, saying that no copies of confidential data have been made when they leave the company. This creates a legally binding agreement that can help companies take further action if a malicious insider slips through.
5. Be transparent and consistent
It’s also a good idea for companies to be up front with users about insider threat programs, although you don’t have to give specifics about everything the program entails.
Just knowing IT is watching can discourage some would-be saboteurs.
Schmitt notes that even seemingly innocent users can conduct data theft, making it key that IT is consistent with auditing former users’ devices.
Cite: “They’re people – not data! The Human Side of Insider Cyberthreats,” presented by Dawn Cappelli and Susan Schmitt at the 2016 RSA Conference in San Francisco