Risky Insider Threat Behaviors & How to Address

By: Absolute Editorial Team | 4/4/2017

It's not surprising that insider threats continue to be a top source of cyberthreats for businesses. Mobility, the cloud, decentralization of IT, and shadow IT all combine to increase insider threats -- and there are simply more ways that people can put data at risk.

We’ve talked about the Three Faces of the Insider Threat, and how negligent or unsuspecting employees are more dangerous than those who are malicious.  A report from Intermedia called out 7 Habits of Highly Hackable Employees and top negligent employee behaviors. The report found that 93% of employees were engaging in at least one form of poor data security.

Best data guardians? It's not always IT

It's not always your IT department. For example, 40% of IT professionals and 27% of all respondents in the Intermedia report believe that it's okay to install applications without consulting IT. This confirms our own findings that IT professionals are not always the best data guardians.

Similarly, IT professionals were more likely to share logins with multiple users, and maintain access to systems belonging to previous employers even after they leave the company.

Top risky employee behaviors & how to fix

Luckily for businesses, there are ways to address these issues that are both simple and effective. Some of the behaviors that characterize risky employees -- and how to stop them -- include:

  • Problem: Weak passwords. Solution: Integrate multi-factor authentication or single sign-on (SSO) practices.
  • Problem: Employees share credentials. Solution: Integrate SSO or a team password manager in cases where individual passwords aren't an option.
  • Problem: Employees install apps without consulting IT (leading to shadow IT issues). Solution: Make sure you have visibility into each device to monitor for sensitive data -- either on the device or held in cloud apps. Keep a list of blacklisted apps that don't meet minimum security standards.
  • Problem: Uploading data to personal cloud storage apps. Solution: Use a combination of tactics -- whether it’s preventing employees from copying data off the network, or technology that can monitor and remotely delete sensitive data.
  • Problem: Employees who still have data access after they leave the company. Solution: Establish a clear exit checklist, including revoking passwords/access, and remotely deleting data from employee devices.
  • Problem: Carelessness with email, or file sharing/sending sensitive data to themselves or others. Solution: Mix and match solutions specific to your organization, such as encryption, email scanning, and network, endpoint and cloud monitoring.

Insider threats: Awareness is key

Insider threats are a big deal, but controlling them isn't hopeless when you're aware of potential security holes. Companies can take back control with ongoing training, relevant policies, and layers of security technology. Choosing ‘smart’ technologies that extend visibility and offer pre-emptive alerts for unusual activity can help you quickly remediate security threats -- before they turn into costly data breaches.

Absolute’s self-healing endpoint security capabilities help eliminate blind spots and surprises; triggers instant remediation when a breach happens, and ensures the resilience of all security and management controls on your endpoints. When you build pervasive resilience into your entire security stack -- whether it’s encryption, VPN clients, anti-malware/anti-virus apps -- enterprises can ensure stronger security controls against both insider threats and increasingly sophisticated attackers.

Financial Services