Insider threat management is about much more than ensuring you have the right technologies in place. It’s about the right mix of People, Processes, and Technology.
Since people are at the center of all insider threats, having a strategy for ongoing cybersecurity awareness coaching and training can help prevent simple mistakes from evolving into insider-caused breaches (Fact: 2 out of 3 insider threats are caused by employee or contractor errors).
Starting this week, we’re introducing a new ongoing blog series that’s focused on helping security practitioners recognize what we call “coachable moments” with employees, or opportunities to share actionable steps on how to work in regular coaching as a part of an effective insider threat management program.
We’re kicking off the series with cloud storage and remote work, both of which are on the rise across all types of industries and company sizes.
The “Work From Anywhere” Trend
According to a recent workplace report from Fuze, 85 percent of employees said they’d find a work from home option appealing, and 83 percent said they didn’t need an office to be productive. In addition, IDC projects the cloud software market to grow to $151.6 billion by 2020 (outpacing traditional software.)
These trends indicate that end-users have more control over exactly how and when they access technology -- in other words, the potential for cybersecurity wrongdoing is increasing. Will you get out ahead of the problem to actively coach potential insider threats on cybersecurity best-practices, or will you wait for an incident to occur?
Password Check: 1-2-3
Weak passwords are the culprit for 81% of hacking-related security breaches, according to a 2017 Verizon study.
Despite the continued stream of staggering statistics around password-related breaches, more than half of users admit to recycling passwords across multiple services. If your organization has a significant percentage of employees working from home or accessing cloud services with individualized credentials, it may be the right time for a password hygiene training session -- or better -- to adopt a service like OnePassword or Okta for identity and access management.
Beyond the proper use of passwords, employees should be trained to use two factor authentication (2FA) as a bare minimum security measure on their cloud software accounts. As a best practice, your team can coach employees on how to use applications like Google Authenticator, and express why they’re important, as they’re more secure than SMS-based 2FA -- just in case employees’ phones (or mobile numbers) were to fall into the wrong hands.
VPN It to Win It
When dealing with highly sensitive or internally privileged information (such as financial services records or development staging environments) many organizations choose to use a VPN to connect remote employees. The upsides of a VPN are that they encrypt data sent over an internet connection, and they enable the use of a full suite of corporate network security technology, even if an employee is offsite. The downside of a VPN -- as many users can attest -- is that the connection can be slow, impeding productivity.
Proper configuration of a VPN can help employees optimize the service, instead of finding ways to circumvent it. Coaching employees on how to set up and authenticate their VPN is just as critical as teaching them why its use is important to protect both them and the organization. Beyond the use of a VPN alone, user activity monitoring can help security professionals stay on top of how employees are handling sensitive data inside a corporate network -- just as if they were working on site.
Know Your Account Security
Phishing and denial of service (DoS) attacks are common ways hackers exploit remote workers for access to corporate networks. These attacks often look unsuspecting (sometimes appearing as if they’re from known senders), and are designed from a social engineering perspective to trick users into revealing their login information or other sensitive information. Keeping users informed on account security best practices can help prevent against these types of attacks.
Some good tips for users may include:
- Keep usernames and passwords to yourself
No one will ask you for your username and password for cloud accounts - Know who is sending an email before opening it
If you see an email from an unknown or suspicious sender, do not click any links - If a login screen looks fake, it probably is
If you see a different or suspicious-looking login screen, do not enter your account information.
It’s a good idea to try occasional simulations to see if users fall for phishing emails or “attacks” sent by your security team, just to make sure your trainings are sinking in on a practical, day-to-day basis.
Stay Tuned…
An effective insider threat program isn’t a one-and-done, checklist-style operation.
It’s an ongoing effort that involves a lot of hands-on, in-the-moment coaching with employees to keep them informed of policies designed to protect them and avoid unnecessary mistakes. We’ll be updating this series with new coachable moments to help your team be more proactive about your approach to insider threat management, and cybersecurity at-large.
If you liked this post, be sure to let us know by tweeting @Proofpoint on Twitter, and sharing this post with your colleagues. (We’d sure appreciate it!)