Protect Against Insider Threats to Your Organization

In the early 90s, I worked for a small company that had about 30 people in the corporate office and a network of sales associates. One morning when I showed up for work, security guards filled the lobby, and several police officers escorted a handful of employees of out the office. They were responsible for selling valuable company information to a competitor. Their breach impacted that company so deeply that it never fully recovered. Even a small company where everyone is like family may face internal threats that could end up bankrupting the business.

How do you guard against employee theft of data without creating an environment of suspicion? By developing and administering an internal security policy, you can keep internal security at a professional level. Here are a few highlights in beginning to consider a plan:

• Understanding Your Data
• Monitoring Network Activity
• Utilizing Data Protection Tools for Various Devices
• Implementing a Departure Process

Understanding Your Data – Not all data is equal. It is essential to understand and rank your data based on corresponding levels of security. By establishing some a system fo ranking, you can control access to specific data based on position. You can also monitor access to data on the network.

Monitoring Network Activity – Stuart Meyers in his post on “Exposing Insider Threats” recommends monitoring access to data files and specifically to high value data. If you notice an unusual pattern of acess to specific data sources on the network, it could be a flag to potential questionable internal activity.

Utilizing Data Protection Tools for Various Devices – It is important to use a software-based encryption container on all devices that can leave the building (smartphone, laptop, etc). Whether the employee uses a company-owned devices or a personal device, the company must be able to implement a robust package of security features such as “password, remote wipe, policy enforcement, and encryption—or they supported a software-based encryption.”[1]

Implementing a Departure Process – It is essential to have a set of departure protocols when an employee leaves the company that involves supervised collection of personal employee data off of company-owned devices as well as wiping any company data on an employee device.

These are just a few highlights for thinking more deeply about an internal security plan. The experts at Integracon can help your business develop a robust internal and external security plan, involving combination of software, hardware and policy solutions.

[1] Best Practices for Enabling Employee-owned Smart Phones in the Enterprise. Intel IT Best Practices White Paper, December 2011