(Updated on 02/23/2021)
When organisations consider the threat posed by insiders, often they think first of malicious intent. How will we protect ourselves against disgruntled ex-employees or current employees who have ulterior motives? What if one of our partners or vendors decides to steal data from us on purpose?
These are valid instances of insider threat, but they aren’t the only ones. And, in fact, the unintentional insider threat can be equally risky to the organisation and is unfortunately quite common, accounting for 25% of data breaches in 2017. For this reason, it’s important to understand what accidental data misuse looks like and to put in place a plan to prevent unintentional insider threats and stop them in their tracks.
Here are five ways insiders can accidentally pose a threat to your organisation.
Misunderstanding Regulations
Different organisations are beholden to different laws, compliance mandates, and regulatory requirements. There are a lot of frameworks out there, and if some people in your organisation do not fully understand how a certain framework applies to their work, they may make mistakes that expose you to risk. For example, if a team member does not understand how HIPAA laws work and chooses to hand over a dataset to a third-party processor that isn’t HIPAA-compliant, you could find yourself in hot water. For this reason, it’s vital to conduct regular training sessions for any and all team members whose work requires them to fully understand and apply laws, mandates or requirements that affect the organisation’s security.
Sloppy Personal Security
Ever walked by a fellow employee’s empty desk and noticed their screen brightly lit? Ever come across a rogue flash drive hanging out near the printer? Unsecured devices are a common cause of accidental insider threats. Each individual employee should be aware of the steps they need to take to ensure that the devices they use—both company-issued and BYOD, if you allow those—are well-secured at all times. This includes everything from strong passwords and multi-factor authentication to physical building security (no borrowing or sharing keycards). One small instance of sloppy personal security can lead to a major insider threat.
Using Unapproved Services
SaaS tools, including cloud storage services, can really help employees get their jobs done faster and more efficiently. It’s no wonder that perfectly well-intentioned insiders might, from time to time, store or transfer sensitive data using a personal cloud storage account. This way, they can work from the road or from home seamlessly. Then again, they can also quickly open your organisation up to a whole new level of risk. Make sure your employees understand which services are approved and which are not, how to properly secure the services they do use, and what types of data must be stored where and how. This will decrease the odds of their accidentally sending highly confidential data to an unsecured location in the cloud, thus exposing you to risk.
Breaking Company Policies
In a more general sense, any time an employee steps outside of company policy—whether on purpose or because they’ve forgotten or don’t fully understand the policy—it can increase your risk as an organisation. It’s true that malicious insiders may break policy, but it’s equally true that an employee with no malicious intent may break policy to simplify a task or without thinking about it at all. Regular reviews of company policies are a good idea, but you can’t only rely on a company Wiki or handbook that outlines policies. You also need to have a proactive way of catching employees in the act of breaking policy, educating them on the mistake, and preventing them from taking further action outside the policy. Of course, there are tools that can help. Enter Proofpoint ITM.
Forgetting to Patch and Upgrade
Finally, keep in mind that users can also expose your organisation to risk if they do not keep devices and services patched and upgraded to the latest versions at all times. This can be quite an undertaking if you leave it to individual users, so we highly recommend that you implement an automated patching and upgrade distribution system of some kind. While you want to make sure that a major system upgrade doesn’t suddenly start happening in the midst of a workday, slowing down and frustrating users, you also want to ensure that human error or laziness can’t cause a major insider threat. Automation can go a long way toward making sure that vulnerabilities and flaws are patched up before they can be exploited.
Decreasing Your Accidental Insider Threat Risk
We often say that the biggest threat to your business today isn’t the outsider trying to get in. It’s the insider who already has the keys. And it certainly doesn’t have to be an insider that’s out to take down your organisation. As the above examples illustrate, accidental misuse can be one of the biggest overlooked causes of insider threats today. With the recommendations above, you should be on your way to putting a stop to unintentional insider threats and decreasing your overall risk profile.