Security Issues Related to Insider Threats
Friday, August 28, 2009 13:47
What are Insiders?
I have read a number of articles related to the security issue of insider threats over the past month or two and thought it would be a good idea to cover that issue in one of my posts. First, what is an insider: just an employee, or more than that? Insiders are more than just employees or staff and can include consultants, vendors, contractors, service providers and others that you deal with on a regular basis. Insiders are dangerous because in your dealings with them, you have probably given them access to your company’s network and/or business facilities. This opens you up to all kinds of threats.
Security Threats from Insiders
So, what bad things can an employee or other insider do to your business? Some of the more frequent things done by insiders include committing fraud, theft of physical assets (including money), theft of data or information, introduction of malware or spyware onto your network, corruption or deletion of data, identity theft, altering of information or data, and sabotage. These incidents can result in more than just hard money losses; they can also lead to legal issues and fees, productivity loss, compliance-related issues, and, most of all, loss of reputation or damage to your company’s brand.
No matter how the workplace changes from year to year, the statistics have been fairly consistent in showing the majority of losses experienced by businesses are from internal threats or insiders. Studies have varied in their assessment as far as the depth of the problem, but most have fallen in the 60 to 80 percent range. This percentage means that for your business, 60 to 80 percent of your losses come from those around you. I know most of us do not want to think about this, but a recent study by GFI found that about half of all small and medium-sized businesses are not concerned about employee data theft, and only 22 percent of these businesses feel that internal security issues are greater than external security issues. Also, a couple of 2008 studies from CSO magazine and Computer Security Institute show that insider threats are up approximately 17 percent.
I can tell you from personal experience in dealing with a number of small and medium-sized businesses over the years that the majority of businesses work on or deal with external security issues such as the burglar or hacker before they ever think about the internal issues. I myself as a security professional also fall into that trap of thinking about the external security issues ahead of insider threats. I think we all do that because external security issues are just more straightforward and visible, and nobody likes to think about not trusting those they work with on a regular basis.
Handling the Insider Threat
What can you do to deal with the security issues related to insiders? I have listed a number of items that you can look at to protect your business. Some of these will apply directly to data security issues while others will deal more directly with physical security, and some can apply to both. Look at these security measures and determine which ones will benefit your business and work on implementing them. This is not a complete list so if you have used other security measures in your business successfully, leave a comment and share your wisdom with the rest of the readers.
- Do background checks – this includes not just employees but also vendors, contractors, consultants and others that you use in your business.
- Require background checks and any security measures be written into contracts with vendors, consultants, and other insiders.
- Restrict access – physical and network access. Basically keep access limited to the least necessary for the insider to do their job. This is the security principle of least privilege.
- Monitor insiders’ behavior – especially when on the network. Also look for changes in attitudes or behavior that may indicate a problem.
- Restrict remote access and the level of remote access allowed. It is a good idea to restrict remote access to less than they have when in the office. Basically, limit remote access to just the critical resources they need for their position.
- Use available tools for protecting the network – this includes such things as Data Loss Protection tools, which help prevent data from leaking out of the business by blocking it or warning the user; Anomalous Behavior Detection tools, which look for abnormal behavior on the network; and Format Preserving and Encryption tools, which can encrypt key data such as credit card numbers or social security numbers while making it appear normal, so that if it is viewed or taken it will not provide useful information.
- Eliminate or remove physical and IT access for insiders when they leave the organization. Eliminate computer accounts, change passwords, remove remote access accounts, change access control codes, re-key or change locks, etc.
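As an added example (not part of the original post), the following Python sketch audits an access inventory against three of the items above: access left enabled after an insider's end date, remote access that exceeds what the same person has in the office, and accounts with no owner on the roster, which can never be offboarded. The roster, grant list, names and resource labels are all constructed sample data.

```python
from datetime import date

# Constructed roster of insiders: employees, vendors, contractors, consultants.
INSIDERS = {
    "akhan":   {"type": "employee",   "end": None},
    "bvendor": {"type": "vendor",     "end": date(2009, 7, 31)},
    "cjones":  {"type": "contractor", "end": date(2009, 8, 14)},
    "dlee":    {"type": "consultant", "end": None},
}
# Constructed access grants: (insider, channel, resource, enabled).
GRANTS = [
    ("akhan", "office", "payroll", True),
    ("akhan", "office", "crm", True),
    ("akhan", "remote", "crm", True),
    ("bvendor", "remote", "hvac-console", True),   # vendor left, remote access still live
    ("bvendor", "badge", "server-room", False),
    ("cjones", "office", "crm", False),
    ("cjones", "badge", "front-door", True),       # badge never deactivated
    ("dlee", "office", "crm", True),
    ("dlee", "remote", "crm", True),
    ("dlee", "remote", "payroll", True),           # remote exceeds in-office access
    ("tempadmin", "office", "payroll", True),      # nobody on the roster owns this
]

def audit(insiders, grants, today):
    """Return (finding, insider, channel, resource) tuples for enabled grants."""
    # Resources each insider can reach while in the office.
    office = {}
    for who, channel, resource, enabled in grants:
        if enabled and channel == "office":
            office.setdefault(who, set()).add(resource)
    findings = []
    for who, channel, resource, enabled in grants:
        if not enabled:
            continue
        person = insiders.get(who)
        if person is None:
            findings.append(("UNOWNED", who, channel, resource))
        elif person["end"] is not None and person["end"] <= today:
            findings.append(("DEPARTED", who, channel, resource))
        elif channel == "remote" and resource not in office.get(who, set()):
            findings.append(("REMOTE_EXCEEDS_OFFICE", who, channel, resource))
    return findings

if __name__ == "__main__":
    for finding in audit(INSIDERS, GRANTS, date(2009, 8, 28)):
        print(*finding)
```

Because badge grants sit in the same inventory as network grants, the check covers physical access as well as IT access.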
Remember, even if you address all security issues related to computer or network security but do not address the physical security issues, the insider can still access, copy, or steal information, money or other company assets. Look closely at the insider threat issue in your business and the best way to address it. Each business is unique so what works at one business may not work at another.