How to Stop Insider Threats

Steps to keep your confidential data within the confines of your building.

Watch what leaves the office

Employee turnover is common, as is the practice of employees taking sensitive and confidential data with them when they leave, particularly data that they were involved in generating. This creates a significant risk for employers whose data was misappropriated, resulting in potential data breaches that can trigger regulatory actions or legal actions, as well as a variety of other consequences. Most employers are not adequately prepared to deal with the aftermath of employee data theft and many do not take the steps necessary to mitigate these risks before they occur.

However, there are a number of things that decision makers can do to protect their companies and minimize, if not eliminate, the threat of employee theft of sensitive and confidential information.


In organizations that have not fully embraced or deployed encryption, perhaps the place to begin the process is by targeting the areas that are most obviously in need of protecting sensitive or confidential content: sensitive data assets and the devices that are used to access them. Decision makers should identify privileged communications, as well as content that could greatly harm the company’s standing with business partners and other key constituencies if it was exfiltrated by departing employees. This includes files that contain clearly sensitive documents like financial projections, draft policy statements, bids, tenders, acquisition information, employee medical records, partner information or customer financial information. This content typically represents the vast majority of the risk in most companies and is relatively easy to protect using robust encryption technologies.

Mobile device management

Mobile Device Management (MDM) technology can protect corporate data on mobile devices by allowing an administrator to monitor content on corporate and personally owned devices, containerize corporate data on personally owned devices, and remotely wipe this data quickly. While it’s possible for an employee to exfiltrate data from mobile devices before they have announced their departure, MDM solutions ensure that employees will not have access to corporate data on mobile devices after their access is supposed to end.

Employee activity and content monitoring

Solutions that monitor employee activity and how content is accessed are another important technology for preventing employee exfiltration of data. Features and functions vary across the monitoring tools currently available, but their capabilities include monitoring all email and webmail traffic, tracking the web sites that employees visit, capturing all of their instant messages and social media posts, logging the files they have accessed, taking periodic screenshots, and even keystroke logging in some cases. While these types of tools carry with them a bit of a “creepiness” or “Big Brother” factor, they are useful in two ways: first, by allowing IT to understand just about everything an employee is doing; and second, by inhibiting inappropriate behavior because employees know their activities are being tracked.

Implement DLP and/or file analytics technology

Another useful set of capabilities for protecting corporate data is Data Loss Prevention (DLP) and file analytics tools. DLP tools monitor content and can carry out a variety of actions based on pre-determined policies. For example, if an employee attempts to download sensitive or confidential information to which he or she would not normally have access, or if an employee downloads a large amount of information, the request can be sent to a compliance officer for approval.
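The two DLP triggers described above, sketched as policy logic over download requests. This is an added example, not code from the original article or from any DLP product; the event fields, path prefixes, labels and volume limit are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (user, file path, classification, bytes requested).
EVENTS = [
    ("alice", "/finance/projections_q3.xlsx", "confidential", 2_000_000),
    ("alice", "/finance/bids/tender_a.docx", "confidential", 500_000),
    ("bob", "/eng/design.md", "internal", 40_000),
    ("bob", "/finance/projections_q3.xlsx", "confidential", 2_000_000),
    ("carol", "/sales/leads.csv", "internal", 300_000_000),
    ("carol", "/sales/contacts.csv", "internal", 350_000_000),
]

# Hypothetical policy inputs: path prefixes each user normally works in,
# the labels treated as sensitive, and a per-user volume ceiling per window.
NORMAL_ACCESS = {"alice": ("/finance/",), "bob": ("/eng/",), "carol": ("/sales/",)}
SENSITIVE_LABELS = {"confidential"}
VOLUME_LIMIT_BYTES = 500_000_000


def evaluate(events, normal_access=NORMAL_ACCESS, limit=VOLUME_LIMIT_BYTES):
    """Return (user, path, action, reason) for each request, in order."""
    delivered = defaultdict(int)  # bytes already released to each user
    decisions = []
    for user, path, label, size in events:
        in_scope = path.startswith(normal_access.get(user, ()))
        if label in SENSITIVE_LABELS and not in_scope:
            action, reason = "hold", "sensitive file outside normal access"
        elif delivered[user] + size > limit:
            action, reason = "hold", "download volume over limit"
        else:
            action, reason = "allow", "within policy"
            delivered[user] += size  # held requests do not count as delivered
        decisions.append((user, path, action, reason))
    return decisions


def held_for_approval(decisions):
    """Requests that would be routed to the compliance officer."""
    return [(u, p, r) for u, p, a, r in decisions if a == "hold"]


if __name__ == "__main__":
    for item in held_for_approval(evaluate(EVENTS)):
        print(item)
```

A user with no entry in the normal-access map has every sensitive request held, so the policy fails closed for unknown accounts.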

File analytics technology allows administrators and others to search through unstructured data that can be stored just about anywhere across an enterprise, analyze the content of this information, apply supervisory rules, and retrieve information as needed. File analytics tools can scale massively to allow search, analysis and retrieval of enormous volumes of information.

Solutions that will prevent offloading of data

Another useful technology that can reduce the likelihood of employees exfiltrating data upon or before their departure is the ability to prevent the copying of data onto physical media, such as CD-ROMs, DVD-ROMs or USB drives. Depending on the technology, these can be controlled by policy so that employees with a legitimate need for these capabilities can perform these functions, but all others will not be able to do so.

Account activities

  • Disable all accounts to which the employee has access. A 2015 SailPoint survey found that 66 percent of employees had access to corporate data that they had uploaded to a cloud storage application like Dropbox after they left.
  • Disable access to the company network.
  • Disable access to the Active Directory user account or equivalent.
  • Change passwords for all applications, cloud-based storage, etc.
  • Take the employee’s security pass.
  • Remove employee from all distribution lists.
  • Redirect employee communication (e.g., email) to an appropriate individual.
  • Delete the employee’s voicemail account and/or change the voicemail password.
  • Ensure that when an employee leaves the organization, his or her email is forwarded to someone else, such as the departed employee’s manager or replacement.
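One way to check that the account steps above were actually carried out is to audit leavers against exported account data. This is an added example, not part of the original article; the user names, system names, field names and data layout are constructed assumptions.

```python
from datetime import date

# Constructed sample data; system and field names are hypothetical.
DEPARTED = {"dlee": date(2024, 3, 1), "mkhan": date(2024, 3, 15)}  # last working day
ACCOUNTS = [
    {"user": "dlee", "system": "directory", "enabled": False, "pw_changed": date(2024, 3, 1)},
    {"user": "dlee", "system": "cloud_storage", "enabled": True, "pw_changed": date(2023, 11, 2)},
    {"user": "mkhan", "system": "directory", "enabled": False, "pw_changed": date(2024, 1, 10)},
    {"user": "asmith", "system": "directory", "enabled": True, "pw_changed": date(2024, 2, 1)},
]
DISTRIBUTION_LISTS = {"all-staff": {"dlee", "asmith"}, "finance": {"mkhan", "asmith"}}
MAIL_REDIRECTS = {"dlee": "dlee-manager"}  # mailbox owner -> recipient of redirected mail


def residual_access(as_of, departed=DEPARTED, accounts=ACCOUNTS,
                    lists=DISTRIBUTION_LISTS, redirects=MAIL_REDIRECTS):
    """Return sorted (user, check, detail) findings for employees gone by as_of."""
    gone = {user: day for user, day in departed.items() if day <= as_of}
    findings = []
    for acct in accounts:
        last_day = gone.get(acct["user"])
        if last_day is None:
            continue  # current employee, or not yet departed
        if acct["enabled"]:
            findings.append((acct["user"], "account_enabled", acct["system"]))
        if acct["pw_changed"] < last_day:
            # Credential predates the departure, so the leaver may still know it.
            findings.append((acct["user"], "password_not_changed", acct["system"]))
    for name, members in lists.items():
        for user in members & set(gone):
            findings.append((user, "on_distribution_list", name))
    for user in gone:
        if user not in redirects:
            findings.append((user, "mail_not_redirected", "mailbox"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in residual_access(date(2024, 3, 20)):
        print(finding)
```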

Backup, archiving and content management functionality

  • Reduce storage cost using low-cost, cloud-based, ‘cool’ storage (storage designed for the retention of data that is rarely accessed).
  • Deploy backup and recovery solutions that are designed for rapid restoration of files if employees delete or corrupt files.
  • Keep compute charges low with on-demand indexing and search.
  • Implement automated retention and disposition policy management capabilities.
  • Implement ECM capabilities that will provide users with the ability to access and make changes to existing documents, but that will do so under the control of corporate policies focused on appropriate roles and permissions and that will provide a thorough record of all file transactions. This includes activities by mobile users, users of enterprise file sync and share systems, and all other corporate solutions.
  • Implement a permanent locking feature for SEC compliance.

Management activities

  • Provide good training for managers so that they can be aware of best practices for managing employees, recognizing problems before they occur, dealing with departing employees, and handling exits professionally.
  • Provide good training for employees so that they are aware of best practices for protecting data, using company-approved tools, and maintaining adherence to company policies.
  • Implement the appropriate solutions that will allow HR, senior executives, legal and other relevant parties to monitor managers’ behavior so that they can identify managers who need additional training on how to deal with employees in a professional manner.

[via: CSO]
