We are constantly talking about hackers, malware, viruses: all things that happen outside of your company, and possibly even outside of the country. However, the biggest risk to your company’s data could be closer than you think: malicious insiders stealing company information is on the rise.
In 2015, 60% of all attacks were carried out by insiders, according to the IBM X-Force 2016 Cyber Security Intelligence Index. Of these insiders, 44.5% of them were malicious insiders, and 15.5% were inadvertent actors. This means that employees were more educated in not opening malicious emails or accidentally exposing corporate data to the world, but it also means there are more malicious insiders with motives. A disgruntled ex-employee seeking revenge is one reason why an insider could attack your company or being encouraged to perform espionage and steal trade secrets is another.
Here is what you can do to help prevent against an insider account:
Employee education and open employee communication. Let it be known what you expect from your employees and why it’s important. Implementing complete data lifecycle management can also help inform employees what to expect.
Use products that monitor employee behavior and alerts you to abnormal behavior. Access management, specifically privileged identity management, protects, audits, and automates the use of privileged identities and helps defend against insider attacks
Identify your most precious company information: the information that if leaked could severely damage your company and its reputation. Once you know what that is, you can govern who has access to this information and the policies you will implement to secure that data.
A structured approach to preventing insider attacks will help protect and secure your company’s most precious information. Being aware and prepared will help keep your company secure, but will also help your relationships with your employees by creating open communication and clear expectations.