How to Protect Your Network From Insider Threats?

External threats are not the only threats to your company. Insiders can pose many threats as well. These include employees, former employees, contractors, and business partners. According to IBM’s 2015 Security Intelligence Index, 31.5% of attacks were carried out by malicious insiders and 23.5% were committed by inadvertent outsiders. 95% were caused by an employee making a mistake. Insiders have:

1) Information about the organization’s security policies, data or system.

2) The ability to access and manipulate company assets.

While traditional security measures like firewalls, antivirus and physical checkpoints are effective in protecting your company against external threats, they are not effective at protecting you against internal threat actors. You need to find a new approach to reduce the risk. These are the principles and controls that you can use in order to avoid security incidents resulting from internal sources.

The Principle Of Least Privilege

This principle applies to all work. It means that employees, contractors, and third parties should have only the minimum information and access necessary to perform their jobs. Limiting their access reduces their ability to take actions that could be detrimental to your business.

Segregation Of Duties

Some information or actions are so critical that they can have a significant impact on the business. Segregation of duties is one way to limit the risk: it requires that multiple people work together to complete a task. You shouldn’t have the same person approve an order, make the purchase, and review the purchases for your company. It’s easy to misuse money if one person performs all of these functions, because there is no one else to check what they are doing.
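The approve / purchase / review split described above can be checked mechanically against an audit trail. The following is an added example, not part of the original article; the event layout (order id, duty, actor) and all records are constructed for illustration.

```python
from collections import defaultdict

# Duties the article says must not sit with one person.
CONFLICTING_DUTIES = {"approve", "purchase", "review"}

# Constructed audit events: (order_id, duty, actor). The layout is an assumption.
EVENTS = [
    ("PO-1001", "approve", "alice"),
    ("PO-1001", "purchase", "bob"),
    ("PO-1001", "review", "carol"),
    ("PO-1002", "approve", "dave"),
    ("PO-1002", "purchase", "dave"),
    ("PO-1002", "review", "dave"),
    ("PO-1003", "approve", "alice"),
    ("PO-1003", "purchase", "erin"),
    ("PO-1003", "review", "alice"),
    ("PO-1004", "approve", "bob"),
    ("PO-1004", "purchase", "carol"),
]

def sod_findings(events, duties=CONFLICTING_DUTIES):
    """Return {order_id: [issue, ...]} for orders that break segregation of duties."""
    by_order = defaultdict(lambda: defaultdict(set))  # order -> actor -> duties done
    for order_id, duty, actor in events:
        if duty in duties:
            by_order[order_id][actor].add(duty)

    findings = {}
    for order_id, actors in sorted(by_order.items()):
        issues = []
        # One actor holding two or more of the conflicting duties on one order.
        for actor, done in sorted(actors.items()):
            if len(done) > 1:
                issues.append(f"{actor} performed {'+'.join(sorted(done))}")
        # A duty nobody performed means the check it provides never happened.
        performed = set().union(*actors.values())
        for duty in sorted(duties - performed):
            issues.append(f"no {duty} recorded")
        if issues:
            findings[order_id] = issues
    return findings

if __name__ == "__main__":
    for order, issues in sod_findings(EVENTS).items():
        print(order, "->", "; ".join(issues))
```
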

Mandatory Vacations

Vacations are not always in the best interest of employees. Mandatory vacations can be enforced to help identify misconduct in the business, because someone else will take over the process while the original person is gone. If someone can do a process unassisted for three years, it is very difficult to determine whether they are engaging in illegal activities, because no one else is involved in the process or reviewing that person’s work. If that person has to take two or more weeks off and someone must take over the process, it’s likely that the replacement will notice any problems. Mandatory vacations also ensure that multiple people are trained to perform any task. A company that has only one person trained to perform a particular business function can become too dependent on that person, which can lead to problems for the business. Mandatory vacations make sure that multiple people can perform the same function and help to avoid overdependence on one person.

Create a great employee termination process

Recent firings can cause security issues. Many people find it difficult to let go of a company, and many take revenge on the company as a result. This could include physical violence against co-workers or managers, destruction of company property, planting viruses, or other forms of revenge. A study by the CERT Insider Threat Center found that about 85% of sabotage cases were committed by disgruntled workers, with revenge being the primary motivation.

It is important to have a clear plan for how to terminate an employee. To ensure they don’t do any harm, it is important to block their access to company networks and physical facilities. People should be treated with dignity and respect, so they don’t feel pressured to take revenge on the company.

Proper Surveillance

This involves monitoring all areas of your company with video cameras, usually equipped with motion sensors and night vision. Signs should be posted to inform people that they are being monitored in these areas. This will help to deter people from doing anything they shouldn’t. You can also enable session screen-capture technology for all sensitive servers and for devices that are owned by highly privileged users. Screenshots of suspicious behavior make it easy to prove.

Use proper backups and recovery processes

A policy that creates backups on a regular basis is a good practice. It helps ensure that the business can be restored quickly in case of a major security incident. These policies should be reviewed at least once per month.

Employee Access

Privilege creep is the gradual accumulation of unneeded permissions, access rights, and other privileges by users while they are still employed at a company. It is common because access is often granted but not taken away, so over time the user’s access rights increase. This can be acceptable in certain situations. However, if the access gives too much freedom to the user, it should be removed. This will prevent privilege creep.
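A periodic access review is one way to find access that was granted but never taken away. The following is an added example, not part of the original article; the role baselines, approved exceptions, grants and the 90-day staleness window are all constructed assumptions.

```python
from datetime import date

# All data below is constructed for illustration; names are assumptions.
ROLE_BASELINE = {  # entitlements each job role actually needs
    "accountant": {"erp:read", "erp:post-journal"},
    "helpdesk": {"ad:reset-password", "tickets:write"},
}
EXCEPTIONS = {  # (user, entitlement) -> date an approved exception expires
    ("mina", "payroll:read"): date(2024, 12, 31),
    ("raj", "ad:create-user"): date(2024, 3, 1),
}
GRANTS = {  # user -> (current role, {entitlement: last use, None if never})
    "mina": ("accountant", {
        "erp:read": date(2024, 6, 1),
        "erp:post-journal": date(2024, 5, 30),
        "payroll:read": date(2024, 5, 20),
        "tickets:write": date(2023, 1, 15),  # left over from an earlier role
    }),
    "raj": ("helpdesk", {
        "ad:reset-password": date(2024, 6, 2),
        "tickets:write": date(2024, 6, 2),
        "ad:create-user": date(2024, 5, 28),
        "erp:read": None,
        "vpn:admin": date(2024, 5, 30),
    }),
}

def review_access(grants, baseline, exceptions, today, stale_days=90):
    """Return sorted (user, entitlement, reason) tuples for access to remove or re-approve."""
    findings = []
    for user, (role, entitlements) in grants.items():
        for ent, last_used in entitlements.items():
            if ent in baseline.get(role, set()):
                continue  # needed for the current job
            expiry = exceptions.get((user, ent))
            if expiry is not None and expiry >= today:
                continue  # acceptable for now: approved and not yet expired
            if expiry is not None:
                reason = "exception expired"
            elif last_used is None or (today - last_used).days > stale_days:
                reason = "outside role, unused"
            else:
                reason = "outside role, in use"  # needs an owner decision
            findings.append((user, ent, reason))
    return sorted(findings)

if __name__ == "__main__":
    for row in review_access(GRANTS, ROLE_BASELINE, EXCEPTIONS, date(2024, 6, 3)):
        print(*row, sep=" | ")
```
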

Monitor your Network for Suspicious Activity

You can monitor your network to detect suspicious activity from employees using tools such as SIEMs. Log management software and change auditing software can be implemented to monitor all actions across an organization. User Behavior Analytics (UBA), a technology that analyzes user behavior, is another important part of this. It detects insider threats and targeted attacks, as well as financial fraud, by looking at human behavior patterns and finding anomalies that could indicate a threat to your business. This is another example of machine learning and big data helping to identify threats in your network.

[Image: a Splunk dashboard]
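The core idea behind UBA, comparing each user against their own past behavior rather than against one fixed limit, can be shown with a small robust-statistics baseline. The following is an added example, not part of the original article and not how any particular product works; the metric (MB copied from file shares per day), the 3.5 threshold and all figures are constructed assumptions.

```python
from statistics import median

# Constructed history: MB copied from file shares per user per working day.
HISTORY = {
    "alice": [120, 95, 130, 110, 105, 125, 115, 100, 118, 122],
    "bob": [900, 1100, 950, 1200, 1000, 1050, 980, 1150, 1020, 990],
    "carol": [40, 35, 50, 45, 38, 42, 47, 41, 39, 44],
}
# Constructed values for the day under review; "dan" has no history yet.
TODAY = {"alice": 128, "bob": 1180, "carol": 900, "dan": 300}

def robust_score(history, value):
    """Distance of value from the user's own median, in scaled MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 makes the MAD comparable to a standard deviation for normal data;
    # fall back to 1.0 so a perfectly flat history does not divide by zero.
    scale = (1.4826 * mad) or 1.0
    return (value - med) / scale

def flag_anomalies(history, today, threshold=3.5, min_days=5):
    """Return [(user, value, score)]; score is None when no baseline exists."""
    alerts = []
    for user, value in sorted(today.items()):
        past = history.get(user, [])
        if len(past) < min_days:
            alerts.append((user, value, None))  # new account: review manually
            continue
        score = robust_score(past, value)
        if score > threshold:  # only unusually high volume is of interest here
            alerts.append((user, value, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for user, value, score in flag_anomalies(HISTORY, TODAY):
        print(user, value, "no baseline" if score is None else f"score {score}")
```

In this sample carol is flagged at 900 MB while bob is not at 1180 MB, which a single company-wide volume limit would get the wrong way round.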

Well-Developed Policies to Promote Responsible User Behavior

You should have policies that outline how employees should act during their employment and inform them of what type of monitoring/surveillance your company performs. Some of these policies should include acceptable behavior standards and be part of the employee contract. Others should be documented and made accessible to employees for them to sign or read as needed. The goal is to ensure that expectations are clearly established during the working relationship. These are some common policies found in companies:

– Policy on User Monitoring

– Acceptable Use Policy

– Policy on Third-Party Access

– Workplace Conduct Policy

– Password Management Policy

Working with legal and HR teams is crucial to make sure that everyone is aware of the rules and what they mean. It is important to ensure that your rules don’t violate privacy laws or workplace laws.


Training employees to spot suspicious behavior and giving them a way to report it anonymously is crucial. It’s impossible to be everywhere, so encouraging employees and incentivizing them to report suspicious behavior can help you identify fraud, abuse and harassment, as well as other negative behaviors that you don’t like.


Because insiders already have access to your company, insider threats require unique solutions. It is important to make sure that employees are restricted in access. You also need to have the ability to monitor and control what they are doing. This starts with proper training and policies to ensure that employees know what is expected of them. It also ensures that employees have access to the company’s computers and network at all times.