The FBI caught David Yen Lee at his home before he could depart for the airport where his flight was waiting. The hard drives the FBI sought were in his possession. On those drives were the trade secrets of a very well-known U.S.-based paint company, and David had purchased a one-way ticket to Shanghai, China, where he intended to illegally hand over those trade secrets to Nippon Paint. He served over a year in prison for his crime.
Today’s cybercriminals come at your company from many angles. Their motivations are often more practical than many law-abiding citizens would expect:
- Profit. They want money, and you have information they can monetize.
- Influence. They can use data to manipulate business or personal situations in their favor.
- Power. If your company dominates an industry or owns critical trade secrets, others wish to take that power away from you and use it for their own advantage. Cybercrime is one way to accomplish that goal.
Motives such as these change the way cybercriminals operate. They are organized. They share information with one another. They are often well-funded. These things make them more dangerous. In the example above, David Yen Lee is an internal cybercriminal. He is one of your employees.
This is a difficult topic. While it’s true that internal employees are responsible for a large number of cybersecurity breaches, it’s also true that most of these are unintentional. They are a result of good people doing something they shouldn’t, either out of ignorance or because a cybercriminal tricked them into doing it (if you saw the movie Catch Me If You Can, this is Frank Abagnale’s social-engineering behavior). Statistics on the exact percentage of “insider” cyber breaches that are deliberate vs. inadvertent vary widely, but it is reasonable to hold that the vast majority of insider threats are not malicious. No matter which statistic you believe, everyone agrees that many insider threats would have been prevented if the insider had understood how his or her behavior allowed a breach to occur. It’s easy to see why a good cybersecurity awareness training program is so important to the success of your company.
With that being said, there is a risk of an employee with malicious intent breaching your sensitive data, whether to share sensitive details with a competitor, to profit from your data, or, in the case of a disgruntled employee, to carry out revenge against your company. If your company falls victim to a malicious employee, finding out what happened is even more difficult because such employees often have high-level system privileges that allow them to erase their tracks.
If your company is one of the unlucky ones in which an insider deliberately caused a security breach, then you are automatically in the highest risk category of those susceptible to cybercrime. The keys to mitigating this risk are simple:
Educate Your Employees
Establish a strong, mandatory and frequent cybersecurity awareness training program for your employees that clearly lays out the policy for cybersecurity and the consequences of violating the policy.
Don’t allow employees to take home devices that contain sensitive files due to the risk of the device being stolen or sensitive data being transmitted over insecure networks at their home or other locations.
Instruct your employees to never share their passwords.
Know Your People
Perform background checks on your staff to assist in identifying those who may take deliberate actions that would harm your company. Know which people have access to the most sensitive data.
Guard your most sensitive data. Limit your employees’ ability to obtain access (intentional or unintentional) to sensitive information via a least-privilege approach to your data.
Identify your most sensitive and valuable data. Then, assign that data the highest safeguarding and most persistent monitoring.
Remove “local administrator privileges” from your users on their company-provided laptops or desktops. A “local administrator” is someone who can do anything he or she chooses to with a computer, such as install programs, delete files, change sensitive security settings, and so on.
Turning on “egress filtering” on your network and limiting the use of USB “thumb drives” will make it harder for anyone to make copies of your sensitive data and move them outside of your organization.
Ensure that you have forensics available to you. Tracking down an internal cybercriminal requires logging of network activity, especially for any access to sensitive information. Any logs need to be stored in an area that is accessible to as few employees as possible.
In short, your employees are your most valuable asset, but can also be your greatest liability. They need to be trained on best practices to keep your data safe, and they also need to understand that you have forensic systems in place that will likely catch them if they attempt to access data they should not. A “trust but verify” approach regarding staff access to your critical intellectual property is an important part of your company’s cybersecurity program.